Cleaning bad signatures

Michael Graff
08 Dec 2000 08:56:57 -0800

Werner Koch <> writes:

> On Fri, 8 Dec 2000, wrote:
> > One, does --check-sig actually remove bad signatures? If
> > not, what does? I'm getting tired of seeing warning
> It is not possible to remove bad signatures - every import would
> merge them back in. Of course it would we possible to have an
> option to not import bad signatures - nonody has yet requested for
> it.
I at least think it would be useful. Are they at least marked as bad in some database so they can be skipped when needed?
> > It might be handy to have a --assign-ownertrust or
> > --show-ownertrust command that will scan the public keyring,
> Yes. As soon as we will see more and more GUIs for gpg we can
> implement it.
I was going to use a combination of --list-keys and --with-colons to dump into a Perl script, but alas, that is _very_ slow. I know I should Use the Source, but does GPG cache public keys in memory rather than having to look them up constantly? Just a quick and dirty dump of the signature tree (assuming that bad signatures can be marked as such) should not take hours with under 2,000 keys. PGP is much, much worse in this area. I may start digging into the source when I can spare the time and add a few more raw file dumps, either as commands within gpg or as external tools. --Michael -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to