Feature request: expand 'clean' to 'clean total'
dirk.traulsen at lypso.de
Sun Oct 30 07:05:58 CET 2005
Am 29 Oct 2005 um 2:25 hat Henry Hertz Hobbit geschrieben:
> On 27 Oct 2005 Dirk Traulsen wrote:
> > So here is my feature request: Please make an option to delete
> > signatures, for which there is no corresponding signing key on
> > the local keyring.
> I hope I am misunderstanding this. I think I am.
> I have a little bit of a problem with this. First, I am NOT part
> the WOT and never will be (look at my name and you will see why).
> Second, I have precious few public keys on my key ring, and Werner
> one of them. You should all of those pretty "[User ID not found]"
> after all of those sigs. Thank goodness I am NOT part of the WOT.
> I was (part of the WOT) and cleaned out all of those signatures on
> key, signed it, and uploaded it to one of the keyservers so it
> reflected he had another signee, what would happen to the ones that
> were cleaned out? I am sure that most if not all of them are
> legitimate signatures.
> Like I said, I am pretty sure I am misunderstanding what you are
Yes, you do!
This does not effect the keys on the keyservers! The keyservers
always only add or merge the keys they are sent. This means, if there
is already a key with that ID, they take the sent key apart and add
the new parts (if there are any). 'clean total' would have absolutely
no effect on the keyservers or the WoT.
The proposal is about all those [User ID not found] in the keys in
your LOCAL keyring. My proposal would only have an effect on the
keyringsize on your storage media.
Even in my really small keyring, there are several thousand of unused
signatures. Can you imaging the effect on local keyrings with
hundreds of keys? Because you don't have the corresponding signing
key in your local keyring, gpg cannot verify them, so these
signatures are not useful for you. (With the exception, that you have
a visual hint that there are more signatures on the keyservers.)
This cleaning effect only lasts until the next '--refresh-keys',
where you always get the complete keys with all signatures from the
keyserver. If you had put the proposed option 'clean total' in your
keyserver-options or import-options, then like 'clean' today, gpg
would first import the complete key and after checking which
signatures are still not usable, automatically clean the keys again.
I obviously think this to be a good thing to have, but I'm a little
discouraged by the nearly total lack of interest of the list.
I would really appreciate a discussion of the proposed feature and
change of the man-page. Please write if you think that it's a waste
of time or preferably that you would like to have this feature.
More information about the Gnupg-users