What to do about duplicate signatures
In some cases, a SIGNATURES
object might accidentally have a signature packet literally duplicated.
What should the output of sop verify
or the --verify-out
target in sop decrypt
show in that case?
Should there be a duplicated in the VERIFICATIONS
output, or should they be collapsed?