Global Directory signatures (was Re: GPG wants to check trustdb every day)

David Shaw dshaw at
Wed Dec 29 05:44:21 CET 2004

On Tue, Dec 28, 2004 at 11:16:27PM -0500, Atom 'Smasher' wrote:
> On Tue, 28 Dec 2004, David Shaw wrote:
> > If what the GD does could have an actual impact on the keyservers and 
> > web of trust, then the keyservers and web of trust were already 
> > hopelessly broken.
> =============
> how many key-servers support the no-modify flag? it's part of the standard 
> and it could keep these auto-pilot sigs (and other unwanted sigs) from 
> polluting the system, but it's not supported. to that extent, the key 
> servers *are* hopelessly broken. biglumber is the closest i've seen to 
> being a good implementation, in this regard.

I certainly won't argue that many aspects of the keyserver design are
broken.  The problem is, some of the brokenness is also a design
requirement for some people.  "Broken" is really a question of "broken
for whom" ;)

Someone told me once that the old NAI "LDAP keyserver" supported
no-modify, but even if it is supported, neither of the two servers
running this software has it turned on.

The GD doesn't support no-modify either.

> > My concern is mainly about the aesthetics here.  It's unattractive (and 
> > over time large) to have that many expired sigs on your key.
> ===============
> not to downplay the matter of aesthetics, but it also becomes a usability 
> issue if the UI is cluttered with unwanted information.

True.  However if the concern is strictly the UI then a "don't show
unusable sigs" flag would handle that.  There is already a "don't show
unusable user IDs" and "don't show unusable subkeys", so adding one
for sigs is no big deal.


More information about the Gnupg-users mailing list