dirmngr: Do not store the useless pgpSignerID in the LDAP.

* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the pgpSignerID. * g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records. -- The pgpSignerID has no use in the LDAP and thus don't store it. David's idea back in 2004 was /* This bit is really for the benefit of people who store their keys in LDAP servers. It makes it easy to do queries for things like "all keys signed by Isabella". */ See-commit: 3ddd4410ae I consider this dangerous because such a query is not able to validate the signature, does not get revocation signatures, and also has no information about the validity of the signatures. Further many keys are spammed tehse days with faked signatures and it does not make sense to blow up the LDAP with such garbage. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2020-12-14 15:18:01 +01:00 · 2020-12-14 15:18:01 +01:00 · cc056eb534
commit cc056eb534
parent 37a899d0e4
4 changed files with 5 additions and 25 deletions
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@ -357,9 +357,9 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
 /* Send an OpenPGP key to all keyservers.  The key in {DATA,DATALEN}
   is expected to be in OpenPGP binary transport format.  The metadata
   in {INFO,INFOLEN} is in colon-separated format (concretely, it is
-   the output of 'for x in keys sigs; do gpg --list-$x --with-colons
-   KEYID; done'.  This function may modify DATA and INFO.  If this is
-   a problem, then the caller should create a copy.  */
+   the output of 'gpg --list-keys --with-colons KEYID').  This function
+   may modify DATA and INFO.  If this is a problem, then the caller
+   should create a copy.  */
 gpg_error_t
 ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
 	       void *data, size_t datalen,