Pushed a fake UID to SKS keyserver signing key: https://pgp.key-server.io/search/0x41259773973A612A Source code (crawler next up): https://gitlab.com/yegortimoshenko/sks-tools (cc @micahflee)
@yegortimoshenko are the fake UIDs the two blank string ones at the end?
@micahflee No, it's "Do not use SKS keyserver sites (no validity checks) <@>".
@yegortimoshenko oh, ha!
@yegortimoshenko think I should update the issue pointing out what's going on with their signing key? or would you like to? :)
@micahflee Will do :-)
@yegortimoshenko make sure to include a screenshot.
Also, did you know that sks also doesn't verify sigs on revocation certificates? It just displays them as if they're all valid
Yes, might also make sense to "revoke" their signing key before updating the issue :-)
I actually had to stub signature checks in Go openpgp package to make this work, it won't normally read invalid packets.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!