CondorCORE/condorcore-keyring
CondorCORE/condorcore-keyring
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(keyring): use a single applied revocation to declare a key revoked

Browse Source 
Otherwise the PGP trust and revocation status file will not match our
expectations. A single applied revocation to this directory structure
should be checked either way.

We can later create TODO's to have at least two revocations for the keys
that would otherwise be still trusted and then change this value.
This commit is contained in:
Levente Polyak 2021-10-25 19:45:21 +02:00
parent 878752dc13
commit 03d5899f87
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libkeyringctl/keyring.py
View File

@ -686,7 +686,7 @@ def export_ownertrust(certs: List[Path], output: Path) -> Tuple[List[Fingerprint
return trusted_certs, revoked_certs
def export_revoked(certs: List[Path], main_keys: List[Fingerprint], output: Path, min_revoker: int = 2) -> None:
def export_revoked(certs: List[Path], main_keys: List[Fingerprint], output: Path, min_revoker: int = 1) -> None:
"""Export the PGP revoked status from a set of keys
The output file contains the fingerprints of all self-revoked keys and all keys for which at least two revocations