I am quite surprised we even export private key in DER, I never had a need for it. Why is it used ?

AFAIK the only place where we use DER private keys is when storing/retrieving from the wallet.dat BDB database. We should probably change that, but reading DER must be supported at least.

Thanks for the fix!
How does this affect users of the wallet or RPC? Does this need backports?

How does this affect users of the wallet or RPC? Does this need backports?

I'm not entirely sure. I haven't analysed the full ramification.
It looks like, that we only use the DER encoding during serialisation to and deserialisation from the database. Internally it should be treated correctly. Walletdump, etc. should be correct.

At the moment, I'm not sure what happens if you import an uncompressed WIF priv key. Or what happened when we introduced the bug with already existing uncompressed DER encoded keys in the wallet.

(as was discussed in the last meeting)

This has no effect, we never read it. It's just idiocy in the format that a public key is saved inside the private key at all. I think it should just always set compressed here. We use the public key outside of the private key for everything interesting.

OK so this is not really a bug, just a peculiarity of our data format.
I think then that we should close this and keep things as-is (and later on, switch to a better storage format)

OK so this is not really a bug, just a peculiarity of our data format.
I think then that we should close this and keep things as-is (and later on, switch to a better storage format)

Yes. Agree. We could optimise this out maybe together with the new, non backward compatible HD internal/external database format.

Closing