Feature request: expand 'clean' to 'clean total'

Dirk Traulsen dirk.traulsen at lypso.de
Sun Oct 30 07:05:58 CET 2005

Am 29 Oct 2005 um 2:25 hat Henry Hertz Hobbit geschrieben:

> On 27 Oct 2005 Dirk Traulsen wrote:
> > So here is my feature request: Please make an option to delete
> > signatures, for which there is no corresponding signing key on
> > the local keyring.
> I hope I am misunderstanding this.  I think I am.
> I have a little bit of a problem with this.  First, I am NOT part 
> the WOT and never will be (look at my name and you will see why).
> Second, I have precious few public keys on my key ring, and Werner 
> one of them.  You should all of those pretty "[User ID not found]"
> after all of those sigs.  Thank goodness I am NOT part of the WOT. 
> I was (part of the WOT) and cleaned out all of those signatures on 
> key, signed it, and uploaded it to one of the keyservers so it
> reflected he had another signee, what would happen to the ones that
> were cleaned out?  I am sure that most if not all of them are
> legitimate signatures.
> Like I said, I am pretty sure I am misunderstanding what you are
> doing.

Yes, you do! 
This does not effect the keys on the keyservers! The keyservers 
always only add or merge the keys they are sent. This means, if there 
is already a key with that ID, they take the sent key apart and add 
the new parts (if there are any). 'clean total' would have absolutely 
no effect on the keyservers or the WoT.

The proposal is about all those [User ID not found] in the keys in 
your LOCAL keyring. My proposal would only have an effect on the 
keyringsize on your storage media. 
Even in my really small keyring, there are several thousand of unused 
signatures. Can you imaging the effect on local keyrings with 
hundreds of keys? Because you don't have the corresponding signing 
key in your local keyring, gpg cannot verify them, so these 
signatures are not useful for you. (With the exception, that you have 
a visual hint that there are more signatures on the keyservers.) 

This cleaning effect only lasts until the next '--refresh-keys', 
where you always get the complete keys with all signatures from the 
keyserver. If you had put the proposed option 'clean total' in your 
keyserver-options or import-options, then like 'clean' today, gpg 
would first import the complete key and after checking which 
signatures are still not usable, automatically clean the keys again.

I obviously think this to be a good thing to have, but I'm a little 
discouraged by the nearly total lack of interest of the list.
I would really appreciate a discussion of the proposed feature and 
change of the man-page. Please write if you think that it's a waste 
of time or preferably that you would like to have this feature.


More information about the Gnupg-users mailing list