Bug #116571 for GnuPG-Interface: Tries to sign with User Private Key

RT for rt.cpan.org

This queue is for tickets about the GnuPG-Interface CPAN distribution.

Report information

The Basics

Id:	116571
Status:	open
Priority:	0/
Queue:	GnuPG-Interface

People

Owner:	Nobody in particular
Requestors:	KENTNL [...] cpan.org
Cc:
AdminCc:

Bug Information

Severity:	(no value)
Broken in:	(no value)
Fixed in:	(no value)

History Show all quoted text

Fri Jul 29 15:15:34 2016 KENTNL [...] cpan.org - Ticket created

Subject:

Tries to sign with User Private Key

Midway through running the test suite, I got a PinEntry popup prompting for my password to my GPG Private Key.

I find it somewhat questionable the need to sign things on my behalf without me consciously choosing to so, and I'd generally treat such a thing as a security risk.

Though I suspect this is related to either

a) Having a GPG agent running

b) Having the GPG pinentry mechanism set to a QT based pinentry instead of tty based.

This may also be related to 5.22.3-RC2 Testing, but I don't have enough to go on there.

Wed Sep 14 15:28:28 2016 DKG [...] cpan.org - Correspondence added

On Fri Jul 29 15:15:34 2016, KENTNL wrote: Show quoted text

> Midway through running the test suite, I got a PinEntry popup > prompting for my > password to my GPG Private Key.

I suspect this is due to your using GnuPG 2.1 and the way the test suite interacts with the agent from that version. It was probably not prompting you for your own gpg private key, but rather for the private key associated with the test suite. This is still a bug, though, and an annoying one. The fixes i've posted to https://rt.cpan.org/Ticket/Display.html?id=102651 should resolve this issue for you, i think.

Wed Sep 14 15:28:29 2016 The RT System itself - Status changed from 'new' to 'open'