ubuntu-archive-removed-keys.gpg not world-readable

Bug #218971 reported by Colin Watson
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Fix Released
ubuntu-keyring (Ubuntu)
Fix Released
Loïc Minier

Bug Description

Binary package hint: ubuntu-keyring

I happened to notice that /usr/share/keyrings/ubuntu-archive-removed-keys.gpg isn't world-readable. Since it's zero bytes long, this isn't really a problem, but it seems gratuitous; if it had contents there would be no problem with them being world-readable (see the Debian Policy Manual).

Colin Watson (cjwatson)
Changed in ubuntu-keyring:
importance: Undecided → Low
Loïc Minier (lool)
Changed in ubuntu-keyring (Ubuntu):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-keyring - 2009.08.28

ubuntu-keyring (2009.08.28) karmic; urgency=low

  * Ship an empty ubuntu-archive-removed-keys.gpg keyring as gpg will create
    it if missing when apt-key lists keys in this keyring; this will overwrite
    the empty keyring with incorrect permissions on user systems which should
    always be empty; LP: #218971.
  * Bump standards-version to 3.8.3.
  * Add build to .PHONY.

 -- Loic Minier <email address hidden> Fri, 28 Aug 2009 11:33:52 +0200

Changed in ubuntu-keyring (Ubuntu):
status: Fix Committed → Fix Released
Loïc Minier (lool)
Changed in apt (Ubuntu):
assignee: nobody → Loïc Minier (lool)
status: New → Fix Committed
Changed in ubuntu-keyring (Ubuntu):
assignee: nobody → Loïc Minier (lool)
Loïc Minier (lool)
Changed in apt (Ubuntu):
assignee: Loïc Minier (lool) → nobody
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (10.0 KiB)

This bug was fixed in the package apt -

apt ( karmic; urgency=low

  [ Matt Zimmerman ]
  * apt-pkg/deb/dpkgpm.cc:
    - Suppress apport reports on dpkg short reads (these I/O errors are not
      generally indicative of a bug in the packaging)

  [ Loïc Minier ]
  * cmdline/apt-key:
    - Emit a warning if removed keys keyring is missing and skip associated
      checks (LP: #218971)

  [ Brian Murray ]
  * cmdline/apt-get.cc:
    - typo fix (LP: #370094)

  [ Michael Vogt ]
  * apt-pkg/deb/dpkgpm.cc:
    - when tcgetattr() returns non-zero skip all pty magic
      (thanks to Simon Richter, closes: #509866)
  * apt-inst/contrib/arfile.cc:
    - show propper error message for Invalid archive members
  * apt-pkg/acquire-worker.cc:
    - show error details of failed methods
  * apt-pkg/contrib/fileutl.cc:
    - if a process aborts with signal, show signal number
  * methods/http.cc:
    - ignore SIGPIPE, we deal with EPIPE from write in
      HttpMethod::ServerDie() (LP: #385144)
  * debian/apt.cron.daily:
    - if the timestamp is too far in the future, delete it
      (LP: #135262)

  [ Merge ]
  * merged from debian, reverted the libdlopen-udev branch
    because its too late in the release process for this now
  * not merged the proxy behaviour change from 0.7.23 (that will
    be part of lucid)

apt ( unstable; urgency=low

  [ Michael Vogt ]
  * apt-pkg/pkgcache.cc:
    - do not set internel "needs-configure" state for packages in
      triggers-pending state. dpkg will deal with the trigger and
      it if does it before we trigger it, dpkg will error out
      (LP: #414631)
  * apt-pkg/acquire-item.cc:
    - do not segfault on invalid items (closes: #544080)

apt (0.7.23) unstable; urgency=low

  [ David Kalnischkies ]
  * cmdline/apt-get.cc:
    - add APT::Get::HideAutoRemove=small to display only a short line
      instead of the full package list. (Closes: #537450)
    - ShowBroken() in build-dep (by Mike O'Connor, Closes: #145916)
    - check for statfs.f_type (by Robert Millan, Closes: #509313)
    - correct the order of picked package binary vs source in source
    - use SourceVersion instead of the BinaryVersion to get the source
      Patch by Matt Kraai, thanks! (Closes: #382826)
    - add pkg/archive and codename in source (Closes: #414105, #441178)
  * apt-pkg/contrib/strutl.cc:
    - enable thousand separator according to the current locale
      (by Luca Bruno, Closes: #223712)
  * doc/apt.conf.5.xml:
    - mention the apt.conf.d dir (by Vincent McIntyre, Closes: #520831)
  * apt-inst/contrib/arfile.cc:
    - use sizeof instead strlen (by Marius Vollmer, Closes: #504325)
  * doc/apt-mark.8.xml:
    - improve manpage based on patch by Carl Chenet (Closes: #510286)
  * apt-pkg/acquire-item.cc:
    - use configsettings for dynamic compression type use and order.
      Based on a patch by Jyrki Muukkonen, thanks! (LP: #71746)
  * apt-pkg/aptconfiguration.cc:
    - add default configuration for compression types and add lzma
      support. Order is now bzip2, lzma, gzip, none (Closes: #510526)
  * ftparchive/writer.cc:
    - add lzma support also here, patch for this (and...

Changed in apt (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers