diff options
| author | David Shaw <[email protected]> | 2002-07-22 17:52:02 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2002-07-22 17:52:02 +0000 |
| commit | b65aced7b2fed2477c7034289b773bc9232c23be (patch) | |
| tree | 4908f40642589d2657afa5af2c11db6b0277ea2c /g10/revoke.c | |
| parent | * keydb.c (keydb_add_resource): Register a lock file. (diff) | |
| download | gnupg-b65aced7b2fed2477c7034289b773bc9232c23be.tar.gz gnupg-b65aced7b2fed2477c7034289b773bc9232c23be.zip | |
* revoke.c (gen_desig_revoke): Lots more comments about including
sensitive revkeys along with the revocation sig itself.
* keyserver.c (parse_keyserver_options): Simpler implementation that can
skip one pass over the options.
Diffstat (limited to 'g10/revoke.c')
| -rw-r--r-- | g10/revoke.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/g10/revoke.c b/g10/revoke.c index af7c32ef4..c99bf4c80 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -229,9 +229,20 @@ gen_desig_revoke( const char *uname ) } /* Include the direct key signature that contains this - revocation key. We're allowed to include sensitive - revocation keys along with a revocation, and this may - be the only time the recipient has seen it. */ + revocation key. We're allowed to include sensitive + revocation keys along with a revocation, and this may + be the only time the recipient has seen it. Note that + this means that if we have multiple different sensitive + revocation keys in a given direct key signature, we're + going to include them all here. This is annoying, but + the good outweighs the bad, since without including + this a sensitive revoker can't really do their job. + People should not include multiple sensitive revocation + keys in one signature: 2440 says "Note that it may be + appropriate to isolate this subpacket within a separate + signature so that it is not combined with other + subpackets that need to be exported." -dms */ + while(!revsig) { KBNODE signode; |