Feature request: expand 'clean' to 'clean total'

Henry Hertz Hobbit hhhobbit at securemecca.net
Sat Oct 29 10:25:22 CEST 2005

On 27 Oct 2005 Dirk Traulsen wrote:

> I first posted this under an old (but fitting) thread and got
> no response. Sorry, if you already read it.
> Nowadays there are quite some keys, which have several hundred
> signatures on their UIDs. This is a good thing for the WoT,
> but it clutters the local keyrings, as normally you don't have
> most of these signing keys. If the keys on your keyring are
> completely trusted, you don't need the additional signatures.
> Until now there is the option 'clean sigs' under '--edit KEY',
> but it does only delete sigs, which can be verified by gpg
> through comparison with the corresponding signing key.
> So here is my feature request: Please make an option to delete
> signatures, for which there is no corresponding signing key on
> the local keyring.
> David Shaw wrote:
> > There is perhaps an argument to be made for a
> > "super clean" that does clean and also removes any
> > signature where the signing key is
> > not present (in fact, an early version of clean did that),
> > but that's a different thing than clean.
> I think there are so many commands and options, that it would
> be better to expand the name and not take a new one.
> I suggest following solution: add a new option 'clean total'
> to the known options 'clean sigs' and 'clean uids'.
> This could be the new part in the man-page:
> ===========Proposal for the man-page==============
> clean     Cleans keys by removing unusable pieces.  This com-
>          mand can be used to keep keys neat and  clean,  and
>          it has no effect aside from that.
>          sigs      Remove any signatures that are not usable
>                    by the trust calculations.  For  example, 
>                    this  removes any signature that does not
>                    validate.  It also removes any  signature
>                    that  is superceded by a later signature,
>                    or signatures that were revoked.
>          uids      Compact  (by  removing   all   signatures
>                    except  the  selfsig) any user ID that is
>                    no  longer  usable  (e.g.   revoked,   or 
>                    expired).
>          total     Remove like above any  unusable signature
>                    and UID,  but  also  remove any signature 
>                    for which the signing key is not present.
> If  invoked  with  no  arguments,  both `sigs' and `uids' are
> cleaned.
> If invoked without `total', only signatures for which the
> signing key is present can be evaluted.
> ===========Proposal for the man-page==============
> What do you think about that, David?
> I would really appreciate such a function and I think (hope),
> that I'm not the only one. Please consider to implement it. As
> I cannot do it myself, maybe I can help with this proposal. 
> Dirk

I hope I am misunderstanding this.  I think I am.

I have a little bit of a problem with this.  First, I am NOT part of
the WOT and never will be (look at my name and you will see why).
Second, I have precious few public keys on my key ring, and Werner is
one of them.  You should all of those pretty "[User ID not found]"
after all of those sigs.  Thank goodness I am NOT part of the WOT.
If I was (part of the WOT) and cleaned out all of those signatures
on his key, signed it, and uploaded it to one of the keyservers so it
reflected he had another signee, what would happen to the ones that
were cleaned out?  I am sure that most if not all of them are
legitimate signatures.

Like I said, I am pretty sure I am misunderstanding what you are doing.

Key Name:  "Henry Hertz Hobbit" <hhhobbit at securemecca.net>
pub   1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11]
Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62

More information about the Gnupg-users mailing list