On Mon, Jun 27, 2016 at 04:33:01PM +0100, Jonathan McDowell wrote: > Can you provide the test you are using to check these keys? Most of the > keys have had a round-trip through gnupg (1.4) so it's obviously not > doing the appropriate cleaning.
Instead of doing something sane, I'm running debian-keyring.gpg through the hOpenPGP testsuite and checking them one by one. What could be easier is to --edit each key and see if it gives the gpg: moving a key signature to the correct place message but of course that's tedious too.