tag 447955 wontfix thanks On Thu, Oct 25, 2007, Kees Cook wrote: > This is when I'm signing over my sponsoree's. Many of their build > practices include signing packages (it is good practice for their > eventual self-uploading). This comes up most of all when I'm doing > sponsored security updates.
I really see signing over a sponsoree's signature a bad practice. The only use case I see is myself signing with a second key which is not in the keyring and wanting to re-sign over it. But I like being warned when a file I am signing has already been signed. So I won't fix this bug and I am tagging it accordingly. You may also convince me I am wrong and I'll be happy to correct the current behaviour. :-) -- Mohammed Adnène Trojette
