On Sun, Nov 07, 2004 at 17:16:25 +0100, Thomas Butter wrote:
On Sun, 07.11.2004, at 16:04, Jorgen Cederlof wrote:
- GnuPG instead of pksclient is now used to parse and validate the keys. This is needed to get the signature type, but also removes invalid keys and gives us the primary UID instead of just a random(?) one. Because some invalid keys and signatures are removed, the size of the web of trust will shrink on 2004-12-01.
I like the changes. Are the signatures also checked before adding them to the wot?
Yes. pksclient is used to get a key when given a KeyID. Then GnuPG is asked to get the name of the key and the KeyIDs of the keys signing this key. All those keys are concatenated into a keyring and GnuPG is now asked to validate all signatures. The result of that validation (minus keys not in the strongly connected set) is what finally gets into the .wot.
Regards, Jörgen
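
The filtering described in the reply above (keep only signatures that GnuPG validated, then keep only keys in the strongly connected set), as an added example that is not code from this thread or from the project it discusses. It assumes GnuPG's colon-delimited `--with-colons --check-sigs` listing and takes "strongly connected set" to mean the largest strongly connected component; the key IDs, names and function names are constructed for illustration.

```python
# Constructed listing in the style of `gpg --with-colons --check-sigs`.
# Field 2 of a sig record is the check result: "!" good, "-" bad,
# "?" signing key not in the keyring, "%" other error.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1000000000:::u:::scESC:
uid:u::::1000000000::H1::Alice (constructed):
sig:!::17:AAAAAAAAAAAAAAAA:1000000000::::Alice (constructed):13x:
sig:!::17:BBBBBBBBBBBBBBBB:1000000100::::Bob (constructed):10x:
sig:-::17:CCCCCCCCCCCCCCCC:1000000200::::Carol (constructed):10x:
pub:u:1024:17:BBBBBBBBBBBBBBBB:1000000001:::u:::scESC:
uid:u::::1000000001::H2::Bob (constructed):
sig:!::17:AAAAAAAAAAAAAAAA:1000000300::::Alice (constructed):10x:
sig:?::17:DDDDDDDDDDDDDDDD:1000000400::::[User ID not found]:10x:
pub:u:1024:17:CCCCCCCCCCCCCCCC:1000000002:::u:::scESC:
uid:u::::1000000002::H3::Carol (constructed):
sig:!::17:AAAAAAAAAAAAAAAA:1000000500::::Alice (constructed):10x:
"""

def valid_edges(listing):
    """Return (signer, signed) pairs for UID signatures GnuPG marked good."""
    edges, key, target = set(), None, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            key, target = f[4], None
        elif f[0] in ("uid", "sub"):
            target = key if f[0] == "uid" else None  # skip subkey bindings
        elif f[0] == "sig" and target and f[1].startswith("!") and f[4] != target:
            edges.add((f[4], target))  # self-signatures are not edges
    return edges

def reach(start, adj):
    """All nodes reachable from start, including start itself."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def strong_set(edges):
    """Largest set of keys that all reach each other through valid signatures."""
    fwd, rev = {}, {}
    for signer, signed in edges:
        fwd.setdefault(signer, set()).add(signed)
        rev.setdefault(signed, set()).add(signer)
    nodes = set(fwd) | set(rev)
    return max((reach(n, fwd) & reach(n, rev) for n in nodes), key=len, default=set())
```

In the sample, Carol's signature on Alice fails validation and the `DDDD…` signer is absent from the keyring, so Carol is signed by the set but has no valid path back into it and drops out.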