dealing with misplaced signatures
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jul 31 00:29:52 CEST 2012
Clint Adams reports in http://bugs.debian.org/683339:
--------------------------
This key has two signatures on a subkey:
http://keys.mayfirst.org/pks/lookup?op=get&search=0xED34CEABE27BAABC
gpg --edit-key will correctly detect them as being in the wrong place,
and move them to another wrong place, unless the uid/uat being moved
to happens to be the target of the signature.
Since sks appears to be buggy, those signatures will remain on the
subkey, and be replaced on a --recv-keys or --refresh. Then
a subsequent --edit-key will move them again.
It would be nice if something could prevent these things from happening.
--------------------------
The "sks appears to be buggy" remark refers to the fact that sks appears
to allow certain types of signature in places that they don't make sense:
http://bugs.debian.org/683328
This is why sks is willing to return regular identity certification
packets after a subkey binding cert.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120730/3a353697/attachment.pgp>
More information about the Gnupg-devel
mailing list