Ohhhh jeeee: ... this is a bug (getkey.c:2079:merge_selfsigs)

Phil Pennock gnupg-users at spodhuis.demon.nl
Wed Mar 1 14:12:44 CET 2006


On 2006-02-28 at 13:07 +0100, sbt at megacceso.com wrote:
> Ok, now it works, but can you send me any information that could be 
> interesting? For example how you create the 0xC9541FB2,

It's a public key for someone else, imported with --recv-key, because
it's in a trust path I need.

I do have a rather large public key ring (69MB); at times when the trust
path tools have been broken, I wrote a gpg_fetchsigners wrapper which
imports the signers on a key; it's not very good for finding the keys
signed _by_ a key, but there is a degree of correlation and so it's been
adequate to let me get a decent population of trust paths to things I
need (signers of security notices, packages, etc).  I'm tempted to dump
out my public keyring and only re-import those which are on my current
ownertrust list.

So yes, I've seen various broken signatures and hit the mpi bug.
-- 
I am keeping international relations on a peaceable footing.
You are biding your time before acting.
He is coddling tyrants.
 -- Roger BW on topic of verb conjugation



More information about the Gnupg-users mailing list