On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: > On Thu, Sep 08, 2005 at 08:00:25PM -0400, David Shaw wrote: > > On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote: > > > > 3. Because now I was irritated, I did the same again with a different > > > keyserver 'keyserver.kjsl.com' and I got a completely different > > > result! When I fetched the key 08B0A90B, here it didn't have 47 sigs, > > > but only 15 sigs (see below output2). There was only a double self > > > sig, which 'clean' removed later. How can this be, if the keyservers > > > are synchronized? > > > > Looks like they're not all that well synchronized :) > > Well, keyserver.ubuntu.com is still not participating in email syncs > to non-SKS keyservers, but that's a different problem. > > keyserver.kjsl.com is now stripping all GD sigs. The extra variable > in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively:
It's your keyserver, and you of course make the choices for what it carries, but for the record, I think this is a bad idea. Skipping the usual discussion about the GD (I don't think anyone will convince anyone else at this point), you do realize that this means you are making a decision to edit the web of trust for others based on your own personal criteria. I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
