[tor-bugs] #30549 [Applications/Tor Browser]: Add script to remove expired sub-keys from a keyring file

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 1 14:05:59 UTC 2019 

#30549: Add script to remove expired sub-keys from a keyring file
--------------------------------------------+------------------------------
 Reporter:  boklm                           |          Owner:  tbb-team
     Type:  task                            |         Status:  needs_review
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  TorBrowserTeam201907R, tbb-rbm  |  Actual Points:
Parent ID:  #30548                          |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Changes (by boklm):

 * keywords:  TorBrowserTeam201907, tbb-rbm => TorBrowserTeam201907R, tbb-
               rbm
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:10 gk]:
 > Replying to [comment:9 boklm]:
 > > Replying to [comment:8 gk]:
 > > > Could you update `drop-expired-sub-keys` with the process you
 envision in commit:5? That way someone later without all the background we
 have knows what to do with the script(s).
 > >
 > > In branch `bug_30549_v4` I added a README file explaining the process:
 > > https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_30549_v4&id=059bb1f569084ac1c6e9d17cd3959c33afeb37d7
 >
 > Thanks, this looks better: One final thing (I hope :) ):
 > {{{
 > - if a key is not needed anymore, remove it with `gpg --delete-keys`.
 > }}}
 > s/i/I/, but more generally I am not sure I understand the need for the
 `gpg` invocation here. If we find a key in /keyring which we don't need
 anymore then we just remove the file, no? Or did you have in mind cases
 where a bunch of keys were in the same file? I suspect we could need some
 clarification here.

 Yes, I was thinking of the case of a keyring file containing multiple
 keys, including an expired one that is not needed anymore. I clarified
 this in `bug_30549_v5`:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_30549_v5&id=419b0bef89047450a88292ea34bb8ef1e746bbea

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30549#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list