methods/gpgv: Correctly handle weak signatures with multiple keys

We added weak signatures to BadSigners, meaning that a Release file
signed by both a weak signature and a strong signature would be
rejected; preventing people from migrating from DSA to RSA keys
in a sane way.

Instead of using BadSigners, treat weak signatures like expired
keys: They are no good signatures, and they are worthless.

Gbp-Dch: ignore

0 files changed, 0 insertions, 0 deletions