no-ks-modify effect on signature uploads

David Shaw dshaw at
Wed Aug 11 16:11:24 CEST 2010

On Aug 11, 2010, at 7:33 AM, Hauke Laging wrote:

> Hello,
> a few weeks ago we had a discussion about the no-ks-modify flag (being not 
> reliably supported by the keyservers yet).
> It certainly makes a difference whether you can accidentally ignore this flag 
> or have to ignore it intentionally. This raises the question (I admit I was 
> too lazy to test that myself) whether gpg ignores this flag. Does gpg upload 
> signatures for other people's key which have this flag? The keyservers don't 
> do crypto checks but gpg could, of course. IMHO it would make sense for gpg to 
> reject uploads in these cases.

I actually considered this once, but in the end, it would be confusing to have a key be uploadable with PGP but not GPG.  Also, it could be defeated trivially by just exporting a key to a text file (always legal), and then uploading it to the keyservers using the web.  It would have been an illusion of actual functionality.


More information about the Gnupg-users mailing list