Re: Maybe helpful - tool to check for chains of trust and collisions in GPG signatures
[Please CC Johannes Thomas Nix on replies; he's not subscribed.]
* Johannes Thomas Nix <Johannes.Thomas.Nix@posteo.net>, 2016-08-11, 09:16:
Found on Reddit a mention of the debian-devel thread about finding GPG
key collisions for developer keys.
Why I write, a while ago I thought about these issues of key
verification, and resulted in making a small tool which can discover
and check trust paths within the PGP web of trust. It uses the "PGP
pathfinder" service to discover signature chains. It also warns about
The thing is still somewhat experimental (probably not suited for
general use) but it might be helpful in situations like this.
Sounds vaguely similar to Enrico's verify-trust-paths:
I am not writing this to debian-devel as I am not myself on the list.
We welcome contributions from people who are not subscribed, too.
If you think this is on topic and helpful, you are allowed to share