e.gpg.gz (I'm sorry, I had to gzip it so that GitHub accepted it)
The attached key file has a bad self-signature. GnuPG rejects the key as invalid:
```
$ gpg --import e.gpg
gpg: key D26247C45DCEDCA4: 1 bad signature
gpg: key D26247C45DCEDCA4: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1
```
However, PGPy behaves as if everything were fine:
```
In [1]: import pgpy
In [2]: k = pgpy.PGPKey.from_file('e.gpg')[0]
In [3]: k.expires_at
Out[3]: datetime.datetime(2024, 8, 12, 19, 9, 57)
```
Even if I were to assume that I need to manually verify self-signatures (the docs don't say a word about that), the `self_signatures` attribute is empty.
OK, I think I know how to handle this. I was being stupid and missed the point that signatures are part of userids. So if I take userids and verify them, I get the verification failure properly.