Re: Maybe helpful - tool to check for chains of trust and collisions in GPG signatures

[Jakub Wilk <jwilk@debian.org>]

[Please CC Johannes Thomas Nix on replies; he's not subscribed.]

* Johannes Thomas Nix <Johannes.Thomas.Nix@posteo.net>, 2016-08-11, 09:16:
> Found on Reddit a mention of the debian-devel thread about finding GPG 
> key collisions for developer keys.
>
> Why I write, a while ago I thought about these issues of key 
> verification, and resulted in making a small tool which can discover 
> and check trust paths  within the PGP web of trust. It uses the "PGP 
> pathfinder" service to discover signature chains. It also warns about 
> collisions.
>
> The thing is still somewhat experimental (probably not suited for 
> general use) but it might be helpful in situations like this.
>
> https://gitlab.com/jnxx/check-trustpaths

Very interesting.

Sounds vaguely similar to Enrico's verify-trust-paths:
https://github.com/spanezz/verify-trust-paths

> I am not writing this to debian-devel as I am not myself on the list.

We welcome contributions from people who are not subscribed, too.

> If you think this is on topic and helpful, you are allowed to share 
> this message.

Done!

--
Jakub Wilk