On Thu, 11 Jan 2024 at 15:28, James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote: > > You installed the special "make it even harder to use" version didn't > you? We call that the standard version. Because "harder to use" comes with the base package. You have the same one: > Because for me (gpg 2.4.3) it gives > > jejb@lingrow:~> gpg --list-key E76040DB76CA3D176708F9AAE742C94CEE98AC85 > pub rsa2048 2011-09-23 [SC] [expires: 2026-03-11] > D5606E73C8B46271BEAD9ADF814AE47C214854D6 > uid [ultimate] James Bottomley > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> > uid [ultimate] James Bottomley <jejb@xxxxxxxxxxxxxxxxxx> > uid [ultimate] James Bottomley <jejb@xxxxxxxxxx> > uid [ultimate] [jpeg image of size 5254] > uid [ultimate] James Bottomley <jejb@xxxxxxxxxxxxx> > uid [ultimate] James Bottomley <jejb@xxxxxxxxxxxxxxxxxxxxx> > sub nistp256 2018-01-23 [S] [expires: 2024-01-16] > sub nistp256 2018-01-23 [E] [expires: 2024-01-16] > sub nistp256 2023-07-20 [A] [expires: 2024-01-16] Look closer. NOWHERE there does it mention E76040D.. Nowhere. Really. Yeah, it says that a key that I didn't even ask for has subkeys. It doesn't say what those subkeys are, nor does it say which one matches the one I actually asked for. Yes, you clearly have Stockholm syndrome and think that this is all normal and exactly what you would expect to see. I happen to think it's unbelievable garbage, and I think subkeys are something that makes gpg even harder to use than it would otherwise be. Here's a clue: if I ask "ls" to show a file, do you think it would be ok if "ls" instead said "here's the directory the file is in, and here are the dates of all the files inside that directory"? Or would you say that such a program is crap? Honestly now... And the above is actually being *generous* to gpg. The reality is even worse. Try this: gpg --list-key 37AAA9562C5CBD0C and notice how it doesn't even list the subkey I asked about. Not even with '--with-subkey-fingerprint'. And no, I'm not just making up particularly bad examples. This is the reality I deal with all the time when people use expiration dates on their keys. The above "show my the key" is *literally* the key you used a decade ago: git show --oneline --show-signature 233ba2c5ffcf and this is (one of millions) reason why I despise gpg and subkeys in particular. That key was valid at the time, and as far as I know there's no way for git to say "was it expired at the time", so now all those signatures flag as invalid. Plus the "--list-key" thing NOT EVEN SHOWING THE KEY I ASKED FOR. Christ. Ok, I'm over it now. I just wanted to rant about my least favourite program ever, and how you trigger all the worst parts of it. Linus