Andrew Clausen

You might find this project helpful: It worked for me, even though it hasn't been updated in 4 years.

I should mention that I am not the first person to encounter this problem -- I imagine many people are affected. See for example this Reddit thread:

@nwalfield, merging certificates sounds like a relatively hard problem to solve in general. In this situation, if the user types ``` sudo rpm --import linux_signing_key.pub ``` then they probably just...

> Can you explain what you are thinking or worried about here? I'm not especially worried. It just sounds like a lot of work! But it sounds like you have...

>> I suppose there might be some situations where that is helpful. But it sounds dangerous as a default behaviour. Old keys would never get retired / revoked. This could...

> Is a "key master" the entity that controls the key? > > I think we are using the word certificate in different ways. According to RFC 4880, a certificate...

> > ``` > > * Another example is the [Google's Linux signing key](https://dl.google.com/linux/linux_signing_key.pub), which is actually a collection of public keys bundled inside a single certificate. For the record,...

> @andrewclausen The Sequoia backend should process revocation certificates correctly. The internal backend does not, which is one of multiple reasons it is deprecated. It's not just a question of...

After some discussion on tor-dev, the Tor developers would like to get their keys in better order before publishing something like this. The keys published on their website are long...