dealing with misplaced signatures

David Shaw dshaw at jabberwocky.com
Wed Aug 1 19:42:46 CEST 2012


On Aug 1, 2012, at 1:29 PM, Daniel Kahn Gillmor wrote:

> On 08/01/2012 01:12 PM, David Shaw wrote:
>> My point is that if you expect GPG to be able to fix a broken key, you need to pass back all the data, or GPG has nothing to work from.
> 
> well, you could expect the GPG of the original uploader to fix the
> broken key before uploading it.  Then the keyservers wouldn't have to
> store and return obviously-incorrect data.

It's an interesting question, as we don't really know how this corruption happened in the first place.  We can't presume that the original uploader necessarily uploaded a corrupt key.  Especially if the original uploader is the person who generated the key, it's rather hard to imagine the key was corrupt before it was uploaded.

David




More information about the Gnupg-devel mailing list