Pushed a fake UID to SKS keyserver signing key: https://pgp.key-server.io/search/0x41259773973A612A Source code (crawler next up): https://gitlab.com/yegortimoshenko/sks-tools (cc @micahflee)
@yegortimoshenko are the fake UIDs the two blank string ones at the end?
@micahflee No, it's "Do not use SKS keyserver sites (no validity checks) <@>".
@yegortimoshenko oh, ha!
@yegortimoshenko think I should update the issue pointing out what's going on with their signing key? or would you like to? :)
@micahflee Will do :-)
@yegortimoshenko make sure to include a screenshot.
Also, did you know that sks also doesn't verify sigs on revocation certificates? It just displays them as if they're all valid
Yes, might also make sense to "revoke" their signing key before updating the issue :-)
I actually had to stub signature checks in Go openpgp package to make this work, it won't normally read invalid packets.
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!