UID ordering and preference is suboptimal

Bug #1195901 reported by Phil Pennock on 2013-06-28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Casey Marshall

Bug Description

It looks as though Hockeypuck is preferring the latest UID on a key for the name/email address to show, both for the key itself and when referencing it in signature listing displays on other keys.

I suggest the algorithm should be:
  * remove any uids which have been revoked
  * if any uid has a primary uid bool flag set true on it, restrict the set of uids to those with that flag (should be only one, but in the real world might be N)
  * if more than one uid left, prefer the oldest, as being more likely to be "core", with other addresses bolted on.

Case in point: my key 0x403043153903637f has numerous signatures, one has a primary uid flag set on it, but the gazzang instance of Hockeypuck chooses to show the uid specific to a project I work on instead.

Casey Marshall (cmars) on 2013-06-28
Changed in hockeypuck:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Casey Marshall (cmars)
milestone: none → 1.0
Casey Marshall (cmars) wrote :

Should be addressed at bzr199, needs a test case.

Changed in hockeypuck:
status: Triaged → In Progress
Phil Pennock (phil.pennock) wrote :

Well, my key is one which has multiple uids, only one set primary, the most recent is not the primary, and I don't think the oldest is either, see 0x403043153903637f.

A key signed by mine can be seen in a listing at:

Note that one is signed by two of my keys, the one shown as 3903637f is, at time of writing, being listed with an @exim.org UID, which is the latest (but not primary) UID.

Casey Marshall (cmars) wrote :

Noted. If you don't mind a snashot of your public key being added to the source tree, I'll make a unit test with it to prove out the logic.

A Rackspace-hosted 1.0 beta is coming very soon. keyserver.gazzang.net is still running the old 0.9 release and won't upgrade until 1.0 GA.

Phil Pennock (phil.pennock) wrote :

Meh, it's public data, almost by definition, and is in the public keyservers, so is de facto anyway, so go for it.

Probably worth using gpg's `--export-options export minimal` to remove all the signatures and revoked stuff (unless you want to keep the revoked uids for further testing).

Casey Marshall (cmars) on 2013-09-15
Changed in hockeypuck:
status: In Progress → Fix Committed
Casey Marshall (cmars) wrote :

It looks to me that SKS chooses the primary UID displayed first by the latest selfsig timestamp in index.ml. I've decided for the time being to sort keys in general by primary flag first, then order by latest selfsig descending.

Fixed at bzr205.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers