On 9 Sep 2005 at 10:46, David Shaw wrote:

> Unfortunately not, because without the signing key, gpg can't tell if
> a signature is valid or not. If there is no way to tell if a
> signature is valid then the wrong thing might happen in cleaning.
>
> Here's an example:
>
> signature 1 from key 12345678 is dated January 1, 2000.
> signature 2 from key 12345678 is dated January 1, 2001.
>
> It would seem obvious that signature 1 should be removed... but in
> fact, signature 1 is valid, and signature 2 is a forgery. If gpg
> removes signature 1, then the forger who created signature 2
> effectively "revoked" signature 1. Only if the signing key 12345678
> is present can gpg tell which is the real signature.

OK, now I understand. Maybe it would be helpful to write in the man
page that you need the key for cleaning.

> There is perhaps an argument to be made for a "super clean" that does
> clean and also removes any signature where the signing key is not
> present (in fact, an early version of clean did that), but that's a
> different thing than clean.

I think it would be a good thing to have, especially if you have
limited space. The name is funny too.

Thank you for your help

Dirk

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
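
The cleaning problem explained in the quoted text, as a simplified model added here (not GnuPG code and not part of the original message). HMAC-SHA256 stands in for public-key signature verification, and the function names, the second key ID and all secrets are constructed for illustration.

```python
import hashlib
import hmac
from collections import namedtuple

# Simplified model: HMAC-SHA256 stands in for public-key signature
# verification; real OpenPGP signatures work differently.
Sig = namedtuple("Sig", "keyid date mac")

def make_sig(keyid, date, secret, uid=b"uid"):
    msg = uid + keyid.encode() + date.encode()
    return Sig(keyid, date, hmac.new(secret, msg, hashlib.sha256).digest())

def is_valid(sig, keyring, uid=b"uid"):
    msg = uid + sig.keyid.encode() + sig.date.encode()
    expected = hmac.new(keyring[sig.keyid], msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig.mac)

def naive_clean(sigs):
    """Unsafe: keep the newest signature per key without verifying it."""
    newest = {}
    for s in sigs:
        if s.keyid not in newest or s.date > newest[s.keyid].date:
            newest[s.keyid] = s
    return [s for s in sigs if newest[s.keyid] is s]

def clean(sigs, keyring, drop_unknown=False):
    """Keep the newest *valid* signature per key that is on the keyring.
    Signatures from absent keys stay untouched unless drop_unknown is
    set (the "super clean" idea from the message)."""
    verified = [s for s in sigs if s.keyid in keyring and is_valid(s, keyring)]
    kept = naive_clean(verified)
    if not drop_unknown:
        kept += [s for s in sigs if s.keyid not in keyring]
    return kept

# Constructed sample data following the example in the message.
REAL_SECRET = b"constructed-secret-for-12345678"
genuine = make_sig("12345678", "2000-01-01", REAL_SECRET)
forged = make_sig("12345678", "2001-01-01", b"forger-secret")
other = make_sig("9ABCDEF0", "2003-05-05", b"unknown-signer")  # key absent
SIGS = [genuine, forged, other]
KEYRING = {"12345678": REAL_SECRET}
```

With the signing key absent (`clean(SIGS, {})`), nothing can be verified and every signature is left in place; picking by date alone, as `naive_clean` does, discards the genuine signature in favour of the forgery.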