dealing with misplaced signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Aug 1 19:29:21 CEST 2012


On 08/01/2012 01:12 PM, David Shaw wrote:
> My point is that if you expect GPG to be able to fix a broken key, you need to pass back all the data, or GPG has nothing to work from.

well, you could expect the GPG of the original uploader to fix the
broken key before uploading it.  Then the keyservers wouldn't have to
store and return obviously-incorrect data.

> If you are stating that in every case of this corruption that the bad packets always exist in at least two places, and at least one of these is in the correct place,

every case i've seen, yes.  i don't know if that's a true universal,
though, or if it will be one going into the future.  But i think it's
not relevant, if we consider it the job of the uploader to present a
well-formed public certificate package to the keyservers.

> then why are we having this discussion?  Drop the packets and be done with it.

my sentiments exactly. :)

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120801/f398d285/attachment.pgp>


More information about the Gnupg-devel mailing list