If Alice has made an OpenPGP certification over Bob's primary key + user ID, gpg
currently won't let her make a new signature, with an error message:
"Bob <bob@example.org>" was already signed by key D39BDA50DD443420
Nothing to sign with key D39BDA50DD443420This is true even if Alice's certification is due to expire soon, or was made by
a weak digest algorithm (e.g. --weak-digest), or lacks some feature that a
newly-made certification would have (e.g. notation, etc).
It's possible to override this limit by using the --expert flag, but users
really shouldn't need to do so if they are trying to update an existing
certification.
Please make this check only skip the signing process if the *only* way that the
new certification would differ from the existing certification is based on the
creation date of the timestamp.