On Wed, Sep 07, 2005 at 08:21:24PM -0600, Kurt Fitzner wrote:
> David Shaw wrote:
>
> > Would be difficult to do in SKS. You need to be able to verify
> > signatures (so cleaning doesn't remove the wrong signature), and right
> > now SKS doesn't verify signatures.
>
> The problem isn't widesprea
David Shaw wrote:
> Would be difficult to do in SKS. You need to be able to verify
> signatures (so cleaning doesn't remove the wrong signature), and right
> now SKS doesn't verify signatures.
The problem isn't widespread in that other keyservers are doing this
sort of thing. A simple explicit
On Wed, Sep 07, 2005 at 07:47:12PM +0930, Alphax wrote:
> David Shaw wrote:
> > On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote:
> >
> >>Kurt Fitzner wrote:
> >>
>
> >>gpg --edit-key clean
> >>
> >>And setting the clean-sigs and clean-uids options on import-options,
> >>export-option
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>>To my knowledge, the PGP GD doesn't sync with anyone. It would be
>>interesting to know how/where these signatures are leaking into the
>>keyserver net.
>
> Probably some PGP users who are "automagically" synchronising their
> entire keyrings with
David Shaw wrote:
> On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote:
>
>>Kurt Fitzner wrote:
>>
>>gpg --edit-key clean
>>
>>And setting the clean-sigs and clean-uids options on import-options,
>>export-options, and keyserver-options are our only defense until then.
>>
>>Like you, I r
On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote:
> Kurt Fitzner wrote:
> > This isn't GnuPG-related really, but recently downloaded my own public
> > key from a keyserver and found on it about a billion of those silly PGP
> > global directory signatures on it. Either someone has been d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kurt Fitzner wrote:
> This isn't GnuPG-related really, but recently downloaded my own public
> key from a keyserver and found on it about a billion of those silly PGP
> global directory signatures on it. Either someone has been downloading
> my key fr
Kurt Fitzner wrote:
> This isn't GnuPG-related really, but recently downloaded my own public
> key from a keyserver and found on it about a billion of those silly PGP
> global directory signatures on it. Either someone has been downloading
> my key from PGP a whole bunch and then submitting it to
This isn't GnuPG-related really, but recently downloaded my own public
key from a keyserver and found on it about a billion of those silly PGP
global directory signatures on it. Either someone has been downloading
my key from PGP a whole bunch and then submitting it to keyservers, or
the mainstrea
