dealing with misplaced signatures
David Shaw
dshaw at jabberwocky.com
Wed Aug 1 19:42:46 CEST 2012
On Aug 1, 2012, at 1:29 PM, Daniel Kahn Gillmor wrote:
> On 08/01/2012 01:12 PM, David Shaw wrote:
>> My point is that if you expect GPG to be able to fix a broken key, you need to pass back all the data, or GPG has nothing to work from.
>
> well, you could expect the GPG of the original uploader to fix the
> broken key before uploading it. Then the keyservers wouldn't have to
> store and return obviously-incorrect data.
It's an interesting question, as we don't really know how this corruption happened in the first place. We can't presume that the original uploader necessarily uploaded a corrupt key. Especially if the original uploader is the person who generated the key, it's rather hard to imagine the key was corrupt before it was uploaded.
David