dealing with misplaced signatures

Daniel Kahn Gillmor dkg at
Tue Jul 31 00:29:52 CEST 2012

Clint Adams reports in

This key has two signatures on a subkey:

gpg --edit-key will correctly detect them as being in the wrong place,
and move them to another wrong place, unless the uid/uat being moved
to happens to be the target of the signature.

Since sks appears to be buggy, those signatures will remain on the
subkey, and be replaced on a --recv-keys or --refresh.  Then
a subsequent --edit-key will move them again.

It would be nice if something could prevent these things from happening.


The "sks appears to be buggy" remark refers to the fact that sks appears
to allow certain types of signature in places that they don't make sense:

This is why sks is willing to return regular identity certification
packets after a subkey binding cert.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120730/3a353697/attachment.pgp>

More information about the Gnupg-devel mailing list