### Summary When adding a GPG key that has revoked UIDs, these UIDs are still shown in the UI as being `verified`/`unverified`. ### Steps to reproduce Create a new GPG key, add a second UID and revoke one of the UIDs: ``` $ gpg --gen-key $ gpg --edit-key <your key id> gpg> adduid gpg> uid 1 gpg> revuid gpg> save $ gpg -a --export <your key id> | xclip -i ``` Now add the key to your GitLab account. ### What is the current *bug* behavior? When adding a new GPG key to an account, the revoked UIDs are still shown in the UI and can even be verified (see screenshot) ### What is the expected *correct* behavior? The revoked UIDs should not be listed and especially not be listed as being verified. ### Relevant logs and/or screenshots ``` $ LANG=en gpg --list-options show-unusable-uids --list-keys 0x30D341DD34118D7D pub rsa2048/0x30D341DD34118D7D 2018-10-07 [SC] [expires: 2020-10-06] Key fingerprint = AA6D 4F3C 4EE0 003B 7E44 1D18 30D3 41DD 3411 8D7D uid [ unknown] Jane Doe <jane.doe@example.com> uid [ revoked] Some Name <mail+gitlab@vbrandl.net> uid [ revoked] John Doe <john.doe@example.com> sub rsa2048/0x53691D008B648BCD 2018-10-07 [E] [expires: 2020-10-06] ``` Only the UID for "Jane Doe" is active. Still after adding the key, the UI shows the following:  ### Output of checks This bug happens on GitLab.com ### Further Notes At least when signing commits and having verified only a revoked UID, the commit is shown as being `Unverified`: https://gitlab.com/vbrandl/test-invalid-uid/commit/8654ab0adbdfa34338ae9207c85130425d71b9bf