keyserver invents bad signatures :-(
Wed Dec 11 18:21:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
For creating an example for another list I just typed
gpg --keyserver keyserver.kjsl.com --recv-key 9A4C704C
which is my own key.
I was quite astonished that it received 7 new sigs because I haven't
gpg --list-sigs 9A4C704C displays the mess (and
erprint=on> confirms it):
I had 7 foreign signatures on my key before I created a third UID last week.
Only one signer (exept myself) has signed the key since, so the new UID
should have only 2 Signatures (including the self-signature).
But now the keyserver displays that all 8 signers have signed my new UID.
I guess because 7 signatures are older than my self-signature GPG marks
those as bad.
I am shure that those other 7 people have not (at least not all of them at
the same time) signed and uploaded my third UID.
I did a gpg --refresh-keys yesterday and then still everything was OK.
I have not uploaded my key since 2002-12-02.
I am running (on MacOS X)
[me@myhost]~$ gpg --version
gpg (GnuPG) 1.3.1
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, TIGER192
Compress: Uncompressed, ZIP, ZLIB
Jason, please help! I don't want my key bloated with invalid signatures.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.1 (Darwin)
-----END PGP SIGNATURE-----ss-----BEGIN PGP SIGNED MESSAGE-----