* import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys into

chk_self_sigs. This improves efficiency as the same signatures are not checked multiple times. Clarify when a subkey is revoked (any revocation signature, even if it is dated before the binding signature). * getkey.c (merge_selfsigs_subkey): Subkey revocation comments. * keylist.c (list_one): Stats are only for public key listings. * g10.c (main), options.skel: Default should be include-revoked for keyserver operations.
2025-07-02 22:46:30 +02:00 · 2002-08-22 17:47:42 +00:00 · 2002-08-22 17:47:42 +00:00 · 8609693d79
commit 8609693d79
parent 26f4dbc64b
6 changed files with 110 additions and 113 deletions
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1629,6 +1629,14 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
           	if ( check_key_signature( keyblock, k, NULL ) )
                    ; /* signature did not verify */
                else if ( IS_SUBKEY_REV (sig) ) {
+		  /* Note that this means that the date on a
+                     revocation sig does not matter - even if the
+                     binding sig is dated after the revocation sig,
+                     the subkey is still marked as revoked.  This
+                     seems ok, as it is just as easy to make new
+                     subkeys rather than re-sign old ones as the
+                     problem is in the distribution.  Plus, PGP (7)
+                     does this the same way.  */
                    subpk->is_revoked = 1;
                    /* although we could stop now, we continue to 
                     * figure out other information like the old expiration