Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
gnome-keysign-sign-key fails to send certifications of User IDs that have no e-mail address #71
some keys, like 25FC1614B8F87B52FF2F99B962AF4031C82E0039, have a user ID that has no e-mail address.
If the user indicates that they intend to certify that user ID, its certification should be attached to any other certification that can be sent -- so the certifications are sent in tandem.
So for example, if an OpenPGP certificate looks like:
then the e-mail that goes to
That way, if the recipient gets any of the e-mails, they can see a certification over the user ID that has no e-mail address.
(this is how caff treats this kind of User ID)
Currently, gnome-keysign-sign-key produces this warning/error message when encountering such a User ID, and the certification is lost:
Right. We have the same problem for photo UIDs. I remember having actively decided to not send those because we do not have a way yet to know whether the user wants to have those signed.
Do you think we should unconditionally sign all user IDs? Or only non-photo UIDs? Or exactly one non-email UID?
it depends on how interactive you want gnome-keysign-sign-key to be. if it's allowed to be interactive, then prompting for each uid and uat (including the ones with e-mail addresses) is reasonable.
if it's non-interactive, then maybe by default just certify the uids that have a valid-looking e-mail address, but offer a