Release: 1.4.1
Linux
gpg --list-sigs D0123E63 shows 20 signatures but 14 of them are bad as can be only verifieed by gpg --edit D0123E63 followed by a check.
Such signatures points to a manipulated key so this issue should be showed very obvious on the key listing!
gpg --list-sigs D0123E63
gpg --edit D0123E63
check
gpg --search benoit panizzon
Unknown
From: Klaus Ethgen <Klaus@Ethgen.de>
To: bug-any@bugs.gnupg.org
Cc: gnupg-hackers@gnupg.org, gnats-admin@trithemius.gnupg.org, wk@gnupg.org
Subject: Re: gnupg/527
Date: Mon, 12 Sep 2005 14:10:59 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Werner,
Am Mo den 12. Sep 2005 um 12:48 schrieb wk@gnupg.org:
This is on purpose. It is easy to add faulty signatures,
displaying them would lead to a bunch of messages without
any meaning. GnupG does not use bad signatures. See also
the new clean options
Yes, this is true, but in the list the bad signatures get's shown as if
they are normal and correct signatures.
A Flag like "<bad>" or "<wrong>" in the signature listing whould be very
helpfull. Also it might be good to remove them completely by the import
(Maybe an import option).
Regards
Klaus
Klaus Ethgen http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBQyVwU5+OKpjRpO3lAQI5/QgAnm4IHaiLLco+CrvJhSXESdU9d6p7bCPP
8GjNYlFpRmExtUfjih/fEKSUu7406iWwOtEnkEf8E64ZSwnlqDmVClxGHNbJhZ16
CyqWIej4HEDP8hS74IqJQqUgGszCwcpGzaIrZZ94ATomIklADfkDTRc+vx8t+dcd
+mPuW+zCWmOGYCuw4EYYUH9ma4nTKqJQhYN7nJ1qaS+n9jv1cvQjX90OnlEE9RjK
qKutA1cf0jCL+1bjyTnMUDE4rkgYhEAkOmf6cA0zUuQCrlIjNjdicPb/91C15xLX
NWUoiKeK5tcyRTa4cN+5hSYpvUcgZFJs80U0OazmHNT7V7HLV5iGKA==
-----END PGP SIGNATURE-----
This is on purpose. It is easy to add faulty signatures,
displaying them would lead to a bunch of messages without
any meaning. GnupG does not use bad signatures. See also
the new clean options