Cleaning bad signatures

[Michael Graff]

Werner Koch <wk@gnupg.org> writes:

> On Fri, 8 Dec 2000, explorer@flame.org wrote:
> 
> > One, does --check-sig actually remove bad signatures?  If
> > not, what does?  I'm getting tired of seeing warning
> 
> It is not possible to remove bad signatures - every import would
> merge them back in.  Of course it would we possible to have an
> option to not import bad signatures - nonody has yet requested for
> it.

I at least think it would be useful.  Are they at least marked as
bad in some database so they can be skipped when needed?

> > It might be handy to have a --assign-ownertrust or
> > --show-ownertrust command that will scan the public keyring,
> 
> Yes. As soon as we will see more and more GUIs for gpg we can
> implement it. 

I was going to use a combination of --list-keys and --with-colons to
dump into a Perl script, but alas, that is _very_ slow.

I know I should Use the Source, but does GPG cache public keys in
memory rather than having to look them up constantly?

Just a quick and dirty dump of the signature tree (assuming that bad
signatures can be marked as such) should not take hours with under
2,000 keys.  PGP is much, much worse in this area.

I may start digging into the source when I can spare the time and
add a few more raw file dumps, either as commands within gpg or
as external tools.

--Michael

	

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org