SKS and GnuPG related issues and possible workarounds

Ryan McGinnis ryan at
Sat Jul 6 13:50:48 CEST 2019

Someone brought it to my attention that my key is now one of the affected keys; I think from this we can probably surmise that whoever(s) is doing this probably reads this list as this email address doesn’t see heavy circulation.

-Ryan McGinnis
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail

On Sat, Jul 6, 2019 at 00:33, Teemu Likonen via Gnupg-users <gnupg-users at> wrote:

> Konstantin Boyandin via Gnupg-users [2019-07-05T20:45:59-04:00] wrote:
>> ATM, none of systems I use GnuPG in has been hit with the signature
>> flood disaster. If I might miss that point - is it possible to get,
>> somehow, the list of flooded keys IDs (if anyone keeps the stats)?
> I don't maintain a list and such a list can be always outdated anyway.
> Better option is to set protective settings right now in gpg.conf file.
> keyserver-options import-clean
> # maybe also:
> import-options import-clean
> With option "import-clean" key import operations accept only key
> signatures from already known keys. With poisoned keys the import
> operation can take time but at least your local keyring is protected
> from importing them.
> The gpg(1) manual page for version 2.1.18 (Debian) is misleading,
> though.
> import-clean
> After import, compact (remove all signatures except the
> self-signature) any user IDs from the new key that are
> not usable. Then, remove any signatures from the new
> key that are not usable. This includes signatures that
> were issued by keys that are not present on the
> keyring. This option is the same as running the --edit-
> key command "clean" after import. Defaults to no.
> It says "After import" but according to Werner Koch[1] it actually
> strips unknown key signatures _before_ importing them to the local
> keyring. The manual also says that "This option is the same as running
> the --edit-key command 'clean' after import." This is also wrong or
> misleading because it may lead user thinking that in import oprations
> first all keys and key signatures are imported to local keyring and then
> they are cleaned.
> -----
> 1.
> --
> /// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
> //
> /
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: publicKey - ryan at - 5c738727ee58786a777c4f1db5aa3fa3486ed7ad.asc
URL: <>

More information about the Gnupg-users mailing list