x/crypto/openpgp: subkey selfsigs are added to the uid signatures

[aviau]

Consider the following packet ordering scenario:
PUBKEY UID SELFSIG SUBKEY REV SELFSIG

In this scenario, the openpgp package will add the subkey's selfsig to the UID.

This happens because the code assumes that there can only be one signature following the subkey, which isn't the case.

I have code that checks the number of signatures on an UID and it breaks because of this.

I have opened a pull request about this more than a month ago and I have received no answer, perhaps I should open an issue here?

see: https://go-review.googlesource.com/c/crypto/+/118957

Cheers

[FiloSottile]

Hi, sorry for the review lag, the 1.11 release is approaching and we are concentrating most resources on things blocking it. Opening a tracking issue is indeed a good idea as we are generally better at tracking issues.

[aviau]

Thanks for the response!

Don't worry about the delay. I am still new to contributing to Go and I wanted to make sure that I was doing it properly.

Opening a tracking issue is indeed a good idea as we are generally better at tracking issues.

Okay. In that case, I will now open issues along with changesets.

[gopherbot]

Change https://golang.org/cl/118957 mentions this issue: openpgp: do not treat subkey selfsigs as uid sigs

[aviau]

I has been over a month, I will take a chance and ping again.

@FiloSottile <3

Sorry if this is bothering.