2008-12-02 22:09:37 |
marco.pallotta |
bug |
|
|
added bug |
2008-12-02 22:18:55 |
marco.pallotta |
None: bugtargetdisplayname |
Ubuntu |
seahorse (Ubuntu) |
|
2008-12-02 22:18:55 |
marco.pallotta |
None: bugtargetname |
ubuntu |
seahorse (Ubuntu) |
|
2008-12-02 22:18:55 |
marco.pallotta |
None: statusexplanation |
|
|
|
2008-12-02 22:18:55 |
marco.pallotta |
None: title |
Bug #304565 in Ubuntu: "seahorse issues in trust functions" |
Bug #304565 in seahorse (Ubuntu): "seahorse issues in trust functions" |
|
2008-12-03 06:55:23 |
marco.pallotta |
description |
I have noticed that the trusting functions in seahorse are misleading and don't work very well (to be the truth are a disaster). In fact we have (I have an italian translation so I hope to translate correctly):
- the option "I have verified that this key is owned by <<USER>>" in the trust tab of the key properties
- the trust care ("no care", "random care", "very carefully") in the verifying procedure of the key in the sign key window
Now, once imported, I have the opportunity to sign a key only with the "sign" button (in fact to sign the key with the sign button in the trust tab I have to enable the option "I have verified that this key is owned by <<USER>>): this is the first bug, in fact I find correct to sign a key only after having verified the ownership of the key but seahorse also permits to me to sign the key via sign button in the main window without checking the option described before. Now this bug brings to a paradoxical bug as we can have a key signed, after verifying its ownership very carefully, without having checked the option "I have verified that this key is owned by <<USER>>" and the key is not placed in the "trust keys" tab in the main seahorse window.
Then, after signing the key, if I open the key properties to check the option "I have verified that this key is owned by <<USER>>", to remove the paradox and to place the key in the trust tab, the fact that the key were signed disappears (people that signed the key disappears) in the trust tab and appears the button "sign this key" (another bug as I already signed the key). I don't sign it again, but I close the property window and then I reopen it. All seems to be ok now:
- the option "I have verified that this key is owned by <<USER>>" is checked
- the sign button is not present but there is a "revoke the sign" button in grey (is this another bug? How can I revoke the key if I created it with this possibility but the button is always not selectable?)
- people that signed the key are showed
Now If I go to the "detail" tab to select the trust level and then I go again in the trust tab all the above scenario disappears again and the "trust this key" button is already showed (another bug). So I have to close the property window and reopen it to show a correct situation. |
I have noticed that the trusting functions in seahorse are misleading and don't work very well (to be the truth are a disaster). In fact we have (I have an italian translation so I hope to translate correctly):
- the option "I have verified that this key is owned by <<USER>>" in the trust tab of the key properties
- the trust care ("no care", "random care", "very carefully") in the verifying procedure of the key in the sign key window
Now, once imported, I have the opportunity to sign a key only with the "sign" button (in fact to sign the key with the sign button in the trust tab I have to enable the option "I have verified that this key is owned by <<USER>>): this is the first bug, in fact I find correct to sign a key only after having verified the ownership of the key but seahorse also permits to me to sign the key via sign button in the main window without checking the option described before. Now this bug brings to a paradoxical bug as we can have a key signed, after verifying its ownership very carefully, without having checked the option "I have verified that this key is owned by <<USER>>" and the key is not placed in the "trust keys" tab in the main seahorse window.
Then, after signing the key, if I open the key properties to check the option "I have verified that this key is owned by <<USER>>", to remove the paradox and to place the key in the trust tab, the fact that the key were signed disappears (people that signed the key disappears) in the trust tab and appears the button "sign this key" (another bug as I already signed the key). I don't sign it again, but I close the property window and then I reopen it. All seems to be ok now:
- the option "I have verified that this key is owned by <<USER>>" is checked
- the sign button is not present but there is a "revoke the sign" button in grey (is this another bug? How can I revoke the key if I created it with this possibility but the button is always not selectable?)
- people that signed the key are showed
Now If I go to the "detail" tab to select the trust level and then I go again in the trust tab all the above scenario disappears again and the "trust this key" button is already showed (another bug). So I have to close the property window and reopen it to show a correct situation.
I'm with Ubuntu Hardy x86_64 and seahorse 2.22.2-0 |
|
2008-12-03 07:04:19 |
Mackenzie Morgan |
seahorse: status |
New |
Incomplete |
|
2008-12-03 07:04:19 |
Mackenzie Morgan |
seahorse: importance |
Undecided |
Medium |
|
2008-12-09 23:42:29 |
Mackenzie Morgan |
seahorse: status |
Incomplete |
New |
|
2008-12-09 23:42:29 |
Mackenzie Morgan |
seahorse: statusexplanation |
|
Wait...I can't reproduce this in Intrepid.
If I do any of the following, the same window comes up:
- Right-click -> Sign
- "Sign" button on toolbar
- Right-click -> Properties -> Trust -> "Sign this Key"
That window asks how carefully the key has been checked. It does not have any requirements on checking the key, so there is no inconsistency.
Nowhere in Seahorse do I see "I have verified that this key is owned by <<USER>>" at all. The Trust tab's only checkbox is "I trust signatures from ____ on other keys." Checking that checkbox is not a requirement to hit the "Sign this Key" button next to it.
Either it changed between 8.04 and 8.10 or the Italian translation is wrong. Trying to see in #ubuntu-it if anyone can translate the current one to see if it changed. |
|
2008-12-10 00:02:54 |
Mackenzie Morgan |
seahorse: status |
New |
Fix Released |
|
2008-12-10 00:02:54 |
Mackenzie Morgan |
seahorse: statusexplanation |
Wait...I can't reproduce this in Intrepid.
If I do any of the following, the same window comes up:
- Right-click -> Sign
- "Sign" button on toolbar
- Right-click -> Properties -> Trust -> "Sign this Key"
That window asks how carefully the key has been checked. It does not have any requirements on checking the key, so there is no inconsistency.
Nowhere in Seahorse do I see "I have verified that this key is owned by <<USER>>" at all. The Trust tab's only checkbox is "I trust signatures from ____ on other keys." Checking that checkbox is not a requirement to hit the "Sign this Key" button next to it.
Either it changed between 8.04 and 8.10 or the Italian translation is wrong. Trying to see in #ubuntu-it if anyone can translate the current one to see if it changed. |
LjL in #ubuntu-it says that the Italian translation in 8.10 matches with what the English 8.10 says, and the Seahorse dev says he's pretty sure that was one of the Seahorse 2.22 -> 2.24 changes. So, I'm marking it Fix Released. |
|
2008-12-10 22:25:24 |
marco.pallotta |
seahorse: status |
Fix Released |
New |
|
2008-12-10 22:25:24 |
marco.pallotta |
seahorse: statusexplanation |
LjL in #ubuntu-it says that the Italian translation in 8.10 matches with what the English 8.10 says, and the Seahorse dev says he's pretty sure that was one of the Seahorse 2.22 -> 2.24 changes. So, I'm marking it Fix Released. |
Morgan, I have to contradict to you as I can confirm in Intrepid almost all I have posted. I made tests with Intrepid live and with seahorse 2.24.1. In fact:
1) I imported a key with "import remote keys" button, I signed it (with "sign" button or with "sign" option in the context menu opened with mouse right button makes not difference), I went to trust tab in key properties and I selected "trust signatures from ... on the other keys" and then the first bug appears as the "sign this key" button (in the same tab) is showed as I didn't sign this key (but I just signed it). If I close this window and then I reopen it the "sing this key" disappears and a grey button "revoke signature" is showed but I have created the key with the ability to revoke it.
2) I imported a key in my keyring, I opened the trust tab in key properties and I signed the key with the button I find in this tab. When signed a new "sign this key" button is showed again. If I close this window and then I re-open it all seems ok.
3) After importing and signing a key I went to the "detail" tab to select the trust level and then I went to the trust tab: the "sign this key" button is showed again, so I have to close the property window and reopen it to show a correct situation.
At last the only thing fixed is the fact that the option "I have verified that this key is owned by <<USER>>" in the trust tab of the key properties is present no more. |
|
2008-12-11 18:56:01 |
Mackenzie Morgan |
bug |
|
|
assigned to seahorse |
2008-12-11 18:57:11 |
Mackenzie Morgan |
seahorse: status |
New |
Confirmed |
|
2008-12-11 18:57:11 |
Mackenzie Morgan |
seahorse: statusexplanation |
Morgan, I have to contradict to you as I can confirm in Intrepid almost all I have posted. I made tests with Intrepid live and with seahorse 2.24.1. In fact:
1) I imported a key with "import remote keys" button, I signed it (with "sign" button or with "sign" option in the context menu opened with mouse right button makes not difference), I went to trust tab in key properties and I selected "trust signatures from ... on the other keys" and then the first bug appears as the "sign this key" button (in the same tab) is showed as I didn't sign this key (but I just signed it). If I close this window and then I reopen it the "sing this key" disappears and a grey button "revoke signature" is showed but I have created the key with the ability to revoke it.
2) I imported a key in my keyring, I opened the trust tab in key properties and I signed the key with the button I find in this tab. When signed a new "sign this key" button is showed again. If I close this window and then I re-open it all seems ok.
3) After importing and signing a key I went to the "detail" tab to select the trust level and then I went to the trust tab: the "sign this key" button is showed again, so I have to close the property window and reopen it to show a correct situation.
At last the only thing fixed is the fact that the option "I have verified that this key is owned by <<USER>>" in the trust tab of the key properties is present no more. |
I talked to the upstream developer yesterday, and he said the oddness of the checkbox is in current trunk still. The GNOME bug is now attached. |
|
2009-01-06 18:30:47 |
Pedro Villavicencio |
seahorse: status |
Confirmed |
Triaged |
|
2009-01-06 18:30:47 |
Pedro Villavicencio |
seahorse: statusexplanation |
I talked to the upstream developer yesterday, and he said the oddness of the checkbox is in current trunk still. The GNOME bug is now attached. |
|
|
2009-01-07 07:41:02 |
Bug Watch Updater |
seahorse: status |
Unknown |
Confirmed |
|
2009-03-16 08:10:12 |
Launchpad Janitor |
seahorse: status |
Triaged |
Fix Released |
|
2009-04-06 19:44:07 |
Bug Watch Updater |
seahorse: status |
Confirmed |
Fix Released |
|
2009-06-28 01:52:07 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/karmic/seahorse |
|
2010-09-16 10:45:33 |
Bug Watch Updater |
seahorse: importance |
Unknown |
Medium |
|