On Fri, Feb 23, 2007 at 11:15:00PM -0500, Joey Hess wrote: > Changed-By: Joey Hess <joeyh@debian.org> > Comment: Removing an old email address. I'm not sure that's plausible -- afaik the keyring gets synced to the real keyservers for new signatures and uids, so removing addresses doesn't work; though iirc you can do a revocation of a uid these days. > Changed-By: Joey Hess <joeyh@debian.org> > Comment: Joey also wants to have two keys in the keyring, here's the new one. --- From: joeyh To: keyring-maint Subject: Re: wtf is this new key?? > > Hey! What's with the new key? That's not mine! What's going on??? > You sent a signed mail requesting it, see attached. Crap, that wasn't me. Looks like my key's been compromised. Here's a signed disavowal of the new key, and a revocation of the old key. Please check for any uploads signed with the new key, they could be trojans. --- There should be some way of getting back to the original conversation in case something goes wrong. I guess a field containing a URL to an rt entry or similar would work? > Note that this is a relative changeset: its action depends on the > keyring it's run on, since it deletes uid 3 of 788A3F4C. That means you can't reorder changesets easily. I wonder if it'd be better say "del uid joeyh@master.debian.org" and have the tool work out which uid (if any) that is. > Which points to the need for the review tool. I wonder if review stuff should be somewhere for easy grepping? Things like the keycheck.sh output included in AM reports would be useful to have around. > joey@kodama:~>cmp input.gpg TESTRING.gpg > joey@kodama:~> Didn't you delete a uid as well as add and remove a key? Why aren't there differences? Cheers, aj
Attachment:
signature.asc
Description: Digital signature