https://bugzilla.redhat.com/show_bug.cgi?id=1834731
--- Comment #133 from Björn Persson <bjorn(a)xn--rombobjrn-67a.se> ---
Created attachment 1843870
-->
https://bugzilla.redhat.com/attachment.cgi?id=1843870&action=edit
patch to filter out revoked and expired keys
(In reply to Björn Persson from comment #131)
(In reply to Simone Caronni from comment #130)
> If you think this does not answer your concern please provide a patch/diff
> to the script so I can understand what you mean. Thanks.
I don't have tested code ready right now but I think you can use gpg2
instead of gpgv2 – only in bitcoin-gpg.sh, not in the spec – and (using
--status-fd) grep for "^\[GNUPG:\] GOODSIG " only, excluding REVKEYSIG,
EXPKEYSIG, BADSIG et cetera. That pattern matches only at the beginning of a
line to ensure that it matches a keyword and not some other part of the
output. The pattern includes a trailing space to ensure that it matches a
whole keyword, not just a prefix.
I took the time to write a patch. Here's how to avoid trusting a key whose
owner says not to trust it.
--
You are receiving this mail because:
You are always notified about changes to this product and component
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1834731