On Thu, Mar 17, 2005 at 05:31:41PM -0500, David Shaw wrote: > On Thu, Mar 17, 2005 at 05:10:31PM -0500, Jason Harris wrote:
> > It was my impression that expired sigs would be retained by default. > > Removing expired sigs is tantamount to removing expired/revoked > > userids and subkeys, IMO, and should not be done by default. > > I don't agree. An expired signature is not relevant - it is just > meaningless bytes at this point. Note also that expired user IDs and GPG currently has no use for expired sigs in its trust calculations, but sigcheck (as part of keyanalyze) does. They are used if you want to recalculate the WoT at a given point in the past (or future) based on a given keydump/keyring. Also, while the GD itself doesn't retain its past sigs, elsewhere one can see that 0xB56165AA was signed by 0xCA57AD7C starting on 2004-12-29 while 0x99242560 was signed by it starting 2004-12-08. Even if you consider such data points useless, particularly where the GD is concerned, rest assured that not everyone else does, particularly where human signers are concerned. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
pgpVkuGfERfvJ.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
