Revoked GPG userid when imported should not appear on GitLab interface

Summary

I revoked two userids while ago, and when I import the key, it appears as "unverified" but it shouldn't be trusted at all if the uid is revoked at the time of import.

Steps to reproduce

  1. Create a key with multiple user identity (email and name)
  2. Revoke one of them.
  3. Upload it to GitLab.
  4. ...
  5. PROFIT!

Example Project

N/A

What is the current bug behavior?

I see email addresses with fastlizard4.org and riseup.net.

What is the expected correct behavior?

I don't see fastlizard4.org and riseup.net at all.

Relevant logs and/or screenshots

Safari_2017-10-11_19-02-46_2x Teampaper_Snap_2017-10-11_19-03-54_2x

key on sks keyserver - fastlizard4.org and riseup.net is clearly marked as ‘revok’(ed).

Output of checks

This bug happens on GitLab.com.

PS: I'm not sure if this is CE feature or EE feature - move the issue as needed.

Possible fixes

(If you can, link to the line of code that might be responsible for the problem)

Edited by 🤖 GitLab Bot 🤖