@micahflee Another SKS bug. Anyone can make a key unimportable: try `gpg --keyserver pgp.mit.edu --recv-keys 0x4F3F50786C401DCE`, it will fail. Also see pgp.mit.edu/pks/lookup?op=vind

Follow

@micahflee This is basically for the same reason: no validation on packets whatsoever. Packets that cause the key to be unimportable are clearly not RFC-compliant, but SKS still accepts those packets.

@yegortimoshenko wow. Think you should open a second issue for this bug, or keep it as part of the same issue?

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!