[ale] Bad signatures on keys?

Michael B. Trausch mike at trausch.us
Thu Dec 15 14:24:38 EST 2011


I'm a bit curious, I just did another re-import and then a --check-sigs
and I saw this at the bottom of the output:

4 bad signatures
1945 signatures not checked due to missing keys

I get the missing keys bit, but the 4 bad signatures I thought was a
little strange, so I looked into it.  Seems that bad signatures are
shown with their lines starting with "sig-" instead of "sig!" in the
--check-sigs output.

The four bad signatures are (output trimmed, they're all on Mike
Warfield's key and the list is massively huge):

pub   1024R/DF1DD471 1994-04-28
uid                  Michael H. Warfield <mhw at WittsEnd.com>
sig-         DF1DD471 1998-04-05  Michael H. Warfield <mhw at WittsEnd.com>

uid                  Michael H. Warfield <mhw at commandcorp.com>
sig-         DF1DD471 1994-04-29  Michael H. Warfield <mhw at WittsEnd.com>
sig-3        DF1DD471 2002-10-14  Michael H. Warfield <mhw at WittsEnd.com>
sig-3        5DEA789B 2011-12-09  David Tomaschik <david at systemoverlord.com>

So, three of the bad signatures on key df1dd471 are from key df1dd471
and one of the bad signatures is from key 5dea789b, am I understanding
that correctly?

Also, why is it that David's key shows an invalid signature for the
mhw at commandcorp.com uid, but not for any of the other uids on that key?

Is there a possibility that something is funky with my
(brand-spanking-new!) GPG database, somehow?

	--- Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 729 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20111215/f2675448/attachment.bin 


More information about the Ale mailing list