Snapcraft

Missing account-key revocation support

Bug #1800825 reported by Celso Providelo on 2018-10-31

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Snap Store Server	New	Wishlist	Unassigned
	Snapcraft	New	Undecided	Unassigned

Bug Description

As we can see in https://forum.snapcraft.io/t/snapcraft-register-key-failing/7732, store developers can very easily lose their private keys, even before they could sign anything with them. For those cases, a destructive form of key revocation (when all signatures are invalidated) would probably work.

A more selective form of key revocation (when signatures prior to the action are considered valid) requires more elaborate support for timeproofs.

In the interim, `snapcraft` CLI could be more informative about how to backup and restore keys (from `~/.snaps/gnupg`) and key-name conflicts.

Tags:

William Grant (wgrant) on 2019-03-08

tags:

added: account-key

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.