
gpg --check-sigs treats signatures from keys that have been revoked indistinguishably from keys that have not been revoked.
Closed, Resolved · Public

Description

While --verify will properly distinguish signatures from keys that are revoked,
--check-sigs does not indicate any difference.

fix -- change the output of --check-sigs so that signatures from keys that have
been revoked are clearly marked

Event Timeline

That is not easy to do because we cache the key signature status for performance
reasons. Thus for a proper output you would need to use --no-sig-cache;
without that the output does not reflect reality. A GUI can more easily check
for a revoked signature key because it will not be used in batch mode. I'll
make a note in the documentation for --check-sigs.

Note that the validation check (--check-trustdb) does not use the cached
results. And well, it takes a long time.
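Since --check-sigs itself does not mark certifications made by revoked keys, a script consuming its machine-readable output has to do the cross-reference. The following is an added example (not GnuPG code): it parses the colon-separated records of `gpg --with-colons --no-sig-cache --check-sigs` (--no-sig-cache so the signature status is recomputed rather than read from the cache, as the comment above explains), collects the key IDs of `pub` records whose validity field is `r` (revoked), and flags every `sig` record whose signing key ID is in that set. The field positions follow GnuPG's doc/DETAILS; the key IDs, fingerprints, user IDs and status labels in the sample are constructed for illustration.

```python
"""Flag certifications (sig records) whose signing key is revoked.

Input is the output of
    gpg --with-colons --no-sig-cache --check-sigs
Field layout per GnuPG doc/DETAILS (0-based after splitting on ':'):
  [0] record type, [1] validity, [4] key ID, [9] user ID, [10] sig class.
For pub records, validity 'r' means the key is revoked. For sig records the
validity is the signature check result: '!' good, '-' bad, '?' no key, '%' error.
Added example, not part of GnuPG; the sample records below are constructed.
"""
import sys
from collections import namedtuple

# Constructed sample keyring listing: Alice's key (AAAA...) is revoked,
# Bob's key is valid, and one certification comes from an unknown key.
SAMPLE = """\
tru::1:1700000000:0:3:1:5
pub:r:255:22:AAAAAAAAAAAAAAAA:1600000000::::::::::23::0:
fpr:::::::::1111111111111111111111111111AAAAAAAAAAAAAAAA:
uid:r::::1600000000::HASH1::Alice <alice@example.invalid>::::::::::0:
sig:!::22:AAAAAAAAAAAAAAAA:1600000000::::Alice <alice@example.invalid>:13x:::::2:
pub:u:255:22:BBBBBBBBBBBBBBBB:1600000100::::::::::23::1:
fpr:::::::::2222222222222222222222222222BBBBBBBBBBBBBBBB:
uid:u::::1600000100::HASH2::Bob <bob@example.invalid>::::::::::0:
sig:!::22:BBBBBBBBBBBBBBBB:1600000100::::Bob <bob@example.invalid>:13x:::::2:
sig:!::22:AAAAAAAAAAAAAAAA:1600000200::::Alice <alice@example.invalid>:10x:::::2:
sig:?::22:CCCCCCCCCCCCCCCC:1600000300::::[User ID not found]:10x:::::2:
"""

Finding = namedtuple("Finding", "subject signer status")


def parse_records(text):
    """Split colon-format output into lists of fields, one per record."""
    return [line.split(":") for line in text.splitlines() if line.strip()]


def revoked_keyids(records):
    """Key IDs of primary keys whose pub record carries validity 'r'."""
    return {r[4] for r in records if r[0] == "pub" and len(r) > 4 and "r" in r[1]}


def flag_signatures(text):
    """Classify every sig record; 'signer-revoked' is the case --check-sigs
    alone does not surface."""
    records = parse_records(text)
    revoked = revoked_keyids(records)
    findings = []
    subject = None  # key ID of the key currently being listed
    for r in records:
        if r[0] == "pub" and len(r) > 4:
            subject = r[4]
        elif r[0] == "sig" and len(r) > 4 and subject is not None:
            signer = r[4]
            if r[1] == "?":
                status = "signer-key-missing"   # cannot be checked at all
            elif signer in revoked:
                status = "signer-revoked"       # what this ticket is about
            elif r[1] == "!":
                status = "good"
            else:
                status = "bad-or-error"
            findings.append(Finding(subject, signer, status))
    return findings


if __name__ == "__main__":
    # Usage: gpg --with-colons --no-sig-cache --check-sigs | python3 this.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for f in flag_signatures(data):
        print(f"{f.subject} certified by {f.signer}: {f.status}")
```

The revocation state comes from the listing's own `pub` records, which (unlike the per-signature status) are not served from the signature cache; a signing key that is not in the local keyring shows up as `signer-key-missing` rather than being silently treated as good.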

werner claimed this task.
werner added a project: Won't Fix.