clean sigs

Dirk Traulsen dirk.traulsen at
Fri Sep 9 16:18:11 CEST 2005

Am 8 Sep 2005 um 20:00 hat David Shaw geschrieben:

> Yes, I see what happened now.  It's just a misunderstanding.  "clean"
> can't work unless you have the key that issued the signature that you
> want cleaned (so it can know which signatures to remove).  In your
> case, you need to fetch key CA57AD7C (the PGP GD key).  Once you have
> that key, GnuPG can remove signatures that it has issued.

I can confirm, that 'clean' worked as you said, when I first fetched 
the keys for the obsolete sigs.

But why is it nescessary to fetch the key first? When there is a new, 
functional and valid signature from key 12345678 on a key, isn't it 
obvious from the originally 16 character keyID, that they were issued 
from the same key, whether I have it in my keyring or not?
Couldn't gpg delete the old obsolete signatures without the signing 
key itself?


More information about the Gnupg-users mailing list