How to fail at useful cryptography: bad error messages
I'm in the process of upgrading my office workstation from Fedora 14 to Fedora 15 (since I've already piloted Fedora 15 on my home machine). I'm doing it with a yum upgrade, since that's the sane way to do it if you don't want to be without your machine for hours. And I got the following (fatal) error:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 069c8460: NOKEY
The GPG keys listed for the "Fedora 15 - x86_64" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Now, notice some important omissions from this error message. It doesn't tell me which package is having problems. It doesn't identify the bad key that the package is signed by (at least not in any clear way; it may be key ID 069c8460 but it's hard to tell). It doesn't identify what it thinks are the GPG keys of the repository. It doesn't even really tell me what's wrong, not directly.
(See below for what I think was actually wrong.)
Here is today's pop quiz: what is even a well-intentioned person going to do when they are presented with an error message like this?
The answer is that they are going to do a web search for the error message to see if someone has already hit this and found a solution, and then they are going to shrug and turn off GPG package verification. Because for everyone except people who are very familiar with yum's insides, what this error message really translates to is 'something went wrong with the innards of yum GPG package verification, you're out of luck', and in that situation all they can do is either give up entirely or override the broken innards. And very few people are going to give up on what they wanted to do.
This is a terrible result. An unusable error message has just convinced people to entirely disable your protective cryptography, even in the face of a potential extreme danger. The reality is that useful cryptography requires useful, clear error messages. If you want people to pay attention to your cryptography when something is wrong, you must explain as clearly as possible what is wrong and give them the best tools possible for diagnosing the failure. If people can't clearly see what's wrong and how to at least investigate further, they have no real choice but to override your crypto and lose any safety you might have been providing them.
(You also want to give people minimal ways to work around the problem. For example, yum only gives me the option to turn off GPG package verification entirely; it has no visible '--skip-bad-signed' option.)
Sidebar: what was wrong
For the benefit of anyone doing a web search on this error message, I believe that there are two possible causes for it.
In my case, I think that the error message was wrong and I had not in fact imported the Fedora 15 GPG keys (although I thought I had; I think I accidentally imported the Fedora 16 keys instead). I don't know why yum thought I had. I can't be entirely sure of my diagnosis, but key ID 069c8460 is the Fedora 15 key and the problem went away after I (re)imported it, although I also did one other thing in the mean time.
(You can tell what key ID is which on either the Fedora
keys page, where the key ID
the bit after the '/' in the
pub line, or by inspecting the
file name in the key's URL in the Fedora yum upgrade page.)
Web searches suggest that the other case is a package labeled as being for Fedora 15 that's signed with the key of another Fedora release. Apparently this happens sometimes and yum normally forbids this, probably for good reasons.