ietf-openpgp

Re: DEADBEEF vs SHA1

2011-02-18 11:51:40
On 02/18/2011 03:22 AM, Werner Koch wrote:
> The part which requires more work is to change all code looking for a
> keyid to iterate over all keyids in the database until it succeeds.  We
> do this for example for wildcard keyids.  It turned out that this is
> sometimes pretty annoying because the user is forced to enter the
> passphrases for all of his keys.  For the case you describe we won't
> have this problem but it is nevertheless a lot of work to try all
> keyids.  It would be more correct, though.

while it might be more correct to import the new keys, it introduces
dangerous ambiguity to the output of "gpg --check-sigs --with-colons",
as that command identifies certifiers by key ID.

Any tool that relies on the output of "gpg --check-sigs --with-colons"
is currently implicitly expecting only a single key per keyID in the
keyring; otherwise, the output would be ambiguous.

> Disabling v3 import and an option to enable such imports seems to be
> justified and is easy to implement.

That's good to hear, thanks!

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature
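
Added example, not part of the message above and not GnuPG code: a small checker for the ambiguity described, which reads a colon-delimited key listing and reports every certification whose issuer key ID is carried by more than one primary key in the keyring. The listing is constructed sample data (one key ID shared by a key with a 40-digit fingerprint and a key with a 32-digit fingerprint), and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample in GnuPG's colon-delimited listing format (not real keys).
# Field 1 = record type, field 2 = check result for "sig" records,
# field 5 = 64-bit key ID, field 10 = fingerprint ("fpr") or user ID.
SAMPLE = """\
pub:f:2048:1:1111222233334444:1297000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:f::::1297000000::::Alice (constructed) <alice@example.org>:
sig:!::1:1111222233334444:1297000000::::Alice (constructed) <alice@example.org>:13x:
sig:!::1:00000000DEADBEEF:1297100000::::Bob (constructed) <bob@example.org>:10x:
pub:f:2048:1:00000000DEADBEEF:1296000000:::-:::scESC:
fpr:::::::::99998888777766665555444400000000DEADBEEF:
pub:-:1024:1:00000000DEADBEEF:1298000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF:
"""

def index_keys(listing):
    """Map each key ID to the fingerprints of all primary keys that carry it."""
    owners = defaultdict(set)
    pending = None                      # key ID of the "pub" record awaiting its "fpr"
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub":
            pending = f[4].upper()
        elif f[0] == "fpr" and pending:
            owners[pending].add(f[9].upper())
            pending = None              # later "fpr" records belong to subkeys
    return owners

def ambiguous_certifications(listing):
    """Return (certified key ID, issuer key ID, check result, candidate
    fingerprints) for each sig whose issuer key ID is not unique."""
    owners = index_keys(listing)
    findings, subject = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub":
            subject = f[4].upper()
        elif f[0] == "sig" and len(owners.get(f[4].upper(), ())) > 1:
            issuer = f[4].upper()
            findings.append((subject, issuer, f[1], sorted(owners[issuer])))
    return findings

if __name__ == "__main__":
    for subject, issuer, result, fprs in ambiguous_certifications(SAMPLE):
        print(f"{subject}: sig '{result}' from {issuer} matches {len(fprs)} keys: {fprs}")
```

A tool that consumes the listing can run a check like this first and decline to attribute any flagged certification to a specific certifier.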
