From 03d5899f87da1a91f4c1469a86b1523e79a45058 Mon Sep 17 00:00:00 2001
From: Levente Polyak
Date: Mon, 25 Oct 2021 19:45:21 +0200
Subject: [PATCH] fix(keyring): use a single applied revocation to declare a key revoked
Otherwise the PGP trust and revocation status file will not match our expectations. A single applied revocation to this directory structure should be checked either way. We can later create TODO's to have at least two revocations for the keys that would otherwise be still trusted and then change this value.
---
 libkeyringctl/keyring.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkeyringctl/keyring.py b/libkeyringctl/keyring.py
index 49fb02a..3e236f6 100644
--- a/libkeyringctl/keyring.py
+++ b/libkeyringctl/keyring.py
@@ -686,7 +686,7 @@ def export_ownertrust(certs: List[Path], output: Path) -> Tuple[List[Fingerprint
 return trusted_certs, revoked_certs
-def export_revoked(certs: List[Path], main_keys: List[Fingerprint], output: Path, min_revoker: int = 2) -> None:
+def export_revoked(certs: List[Path], main_keys: List[Fingerprint], output: Path, min_revoker: int = 1) -> None:
 """Export the PGP revoked status from a set of keys
 The output file contains the fingerprints of all self-revoked keys and all keys for which at least two revocations
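Review bot: The docstring in the trailing context still says "at least two revocations" although the default is now `min_revoker: int = 1`, so the documented contract no longer matches which keys end up in the exported revocation file. I would reword it to follow the parameter, e.g. `all keys for which at least min_revoker main keys have applied a revocation (default: 1)`, and state that with the default a single main key's revocation is enough to mark a key revoked. Because this threshold decides what the keyring treats as revoked, it may also be worth rejecting `min_revoker < 1` early; presumably a value of 0 would count every key as revoked, but the body of export_revoked lies outside this hunk, so that needs confirming.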