@micahflee No, it's "Do not use SKS keyserver sites (no validity checks) <@>".

@yegortimoshenko think I should update the issue pointing out what's going on with their signing key? or would you like to? :)

@yegortimoshenko make sure to include a screenshot.

Also, did you know that sks also doesn't verify sigs on revocation certificates? It just displays them as if they're all valid

@micahflee OK!

Yes, might also make sense to "revoke" their signing key before updating the issue :-)

I actually had to stub signature checks in Go openpgp package to make this work, it won't normally read invalid packets.

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!