Page MenuHome GnuPG

updating existing key certifications should not require --expert
Open, NormalPublic


If Alice has made an OpenPGP certification over Bob's primary key + user ID, gpg
currently won't let her make a new signature, with an error message:

    "Bob <>" was already signed by key D39BDA50DD443420
    Nothing to sign with key D39BDA50DD443420

This is true even if Alice's certification is due to expire soon, or was made by
a weak digest algorithm (e.g. --weak-digest), or lacks some feature that a
newly-made certification would have (e.g. notation, etc).

It's possible to override this limit by using the --expert flag, but users
really shouldn't need to do so if they are trying to update an existing

Please make this check only skip the signing process if the *only* way that the
new certification would differ from the existing certification is based on the
creation date of the timestamp.



Event Timeline

dkg set Version to 2.1.15.
dkg added a subscriber: dkg.