Retaining expired sigs

David Shaw dshaw at jabberwocky.com
Thu Mar 17 23:31:41 CET 2005


On Thu, Mar 17, 2005 at 05:10:31PM -0500, Jason Harris wrote:
> On Thu, Mar 17, 2005 at 04:15:29PM -0500, David Shaw wrote:
> > On Thu, Mar 17, 2005 at 03:55:23PM -0500, Jason Harris wrote:
> > > On Tue, Mar 15, 2005 at 06:22:11PM +0100, Werner Koch wrote:
> 
> > > > I forgot to insert the NEWS for 1.4.1; there are actually not that
> > > > many as those for the last release.  Here we go:
> > >  
> > > >  * New "import-unusable-sigs" and "export-unusable-sigs" tags for
> > > >    --import-options and --export-options.  These are off by
> > > >    default, and cause GnuPG to not import or export key signatures
> > > >    that are not usable (e.g. expired signatures).
> > > 
> > > Gah!  It seems these are _ON_ by default, are undocumented in the
> > > manual page, (aren't picked up when listed in ~/.gnupg/options,)
> > > and _CAN NOT_ be turned off:
> > 
> > Huh?  Your own experiment shows they are off by default:
> 
> (Sorry, I meant the stripping of expired signatures is on by default.)
> 
> It was my impression that expired sigs would be retained by default.
> Removing expired sigs is tantamount to removing expired/revoked
> userids and subkeys, IMO, and should not be done by default.

I don't agree.  An expired signature is not relevant - it is just
meaningless bytes at this point.  Note also that expired user IDs and
subkeys are, in fact, removed.  That's not new behavior, by the way:
it has been this way for as long as I can remember.

> > They can be turned ON if you want.  Like all --import-options and
> > --export-options, they apply to --import and --export only.  If you
> > want them to apply to keyserver operations, list them in
> > --keyserver-options.  See the manual.
> 
> I only see "unusable" in my manual page for the following:

I mean the instructions to put the --import-options and
--export-options in --keyserver-options if you want them to apply to
keyserver operations.  The command line you gave as an example was
incorrect in that you specified --import-options but were doing a
keyserver operation.

David


