On 09-08-2022 23:07, Ludovic Courtès wrote: > Hello, > > As Tobias explains at > and > as can be seen from ‘.guix-authorizations’, the (guix openpgp) and (guix > git-authenticate) machinery reports the fingerprint of subkeys on > signatures (when subkeys are used) rather than the fingerprint of > primary keys. > > This should be changed to report primary keys, at least optionally. Why should it be changed? IIUC .guix-authorizations and (guix ...) care about the key that things were signed with, not necessarily the primary key, so it seems to me that it needs to report the subkey fingerprint, not the fingerprint of the primary key it belongs to, as the primary key is irrelevant to them IIUC. Greetings, Maxime.