@micahflee No, it's "Do not use SKS keyserver sites (no validity checks) <@>".

@yegortimoshenko think I should update the issue pointing out what's going on with their signing key? or would you like to? :)

@yegortimoshenko make sure to include a screenshot.

Also, did you know that sks also doesn't verify sigs on revocation certificates? It just displays them as if they're all valid

@micahflee OK!

Yes, might also make sense to "revoke" their signing key before updating the issue :-)

I actually had to stub signature checks in Go openpgp package to make this work, it won't normally read invalid packets.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!