Key selection bug in 1.0.6a

David Shaw dshaw at
Sat Sep 8 08:46:01 CEST 2001


I found a bug with the key selection code in 1.0.6a.  In 1.0.6, GnuPG
has a "bias" toward subkeys - if you have a subkey capable of
signatures, gpg will use it instead of the main signing key unless you
stick a ! on the keyid to show you meant to use the main signing key.

In 1.0.6a, the ! feature does not seem to work, so if you have a
subkey capable of signatures, you can never use the main key.

As an incidental question: I can see the point in using the subkey by
default when making signatures on documents, but is this the right
default for signing other keys?  I'm concerned that eventually people
are going to start stripping old revoked or expired subkeys from their
keys, and that will hurt the web of trust.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 536 bytes
Desc: not available
Url : /pipermail/attachments/20010908/c0ad4665/attachment.bin

More information about the Gnupg-devel mailing list