Web Lacre accepts any string in key submission field #41
Labels
No Label
ANSIBLE
BUG
CODE
DEVELOPMENT
DOCUMENTATION
FEEDBACK
FIX
HOWTOs
IDEA
INFRA
ISSUE
MAILSERVER
TESTS
To-Be-Reviewed
WEB
WEBSITE
No Milestone
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Disroot/gpg-lacre#41
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Looks like putting anything in the field is accepted by lacre. We should improve on that and allow only strings that are gpg valid as keys, otherwise I smell potential for trolling and abuse.
Aditionally we could prevent situation where someone did not copy they jey properly etc.
Looks like PEBKAC on my end. There is of course option in the config which checks keys right away when submitting in the web interface.
$config['pgpverify_enable']
.