[Sks-devel] stripping GD sigs (was: Re: clean sigs)

Jason Harris jharris at widomaker.com
Fri Sep 9 05:10:23 CEST 2005


On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote:
> On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote:

> > keyserver.kjsl.com is now stripping all GD sigs.  The extra variable
> > in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively:
> 
> It's your keyserver, and you of course make the choices for what it
> carries, but for the record, I think this is a bad idea.  Skipping the
> usual discussion about the GD (I don't think anyone will convince
> anyone else at this point), you do realize that this means you are
> making a decision to edit the web of trust for others based on your
> own personal criteria.
> 
> I'd be all in favor of an option where users could elect to filter out
> keys: that would put the user in control.  Forcing your decision on
> others by stripping signatures is a very disturbing step.

Not at all.  Anyone who wants sigs from the GD should use that
keyserver.  They're still available from it, and, remember,
expired sigs don't affect the WoT, so what's the point of the
well-synchronized keyservers keeping GD sigs?

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050908/1780e9ee/attachment.pgp


More information about the Gnupg-users mailing list