GnuPGP-Download
Markus Konstroffer
konstrof@wiwi.uni-frankfurt.de
Wed, 1 Dec 1999 11:09:36 +0100 (CET)
So what is the answer to my question?
Why does it say the package is signed by Werner Koch and has to be signed
by him to be safe to install, but it is not signed with one of his keys?
Remember: I downloaded the package from
ftp://ftp.gnupg.org/pub/gcrypt/gnupg/
and not a mirror-site.
Thank you for your help!
Markus
On Tue, 30 Nov 1999, J Horacio MG wrote:
> El mar, 23 de nov de 1999, a las 04:39:32 +0100, Markus Konstroffer dijo:
> > Signature by unknown keyid: 0x0C9857A5
> >
> > The Key-ID of Werner Koch is:
> > pub 1024 0x57548DCD 1998-07-07 2002-12-29 DSS Sign only
> > uid Werner Koch (gnupg sig) <dd9jn@gnu.org>
> >
> > Who signed the package? Is it safe to install it? I downloaded it from
> > ftp://ftp.gnupg.org/pub/gcrypt/gnupg/
>
> h0rus:~$ gpg --list-keys Koch
> pub 768R/0C9857A5 1995-09-30 Werner Koch <werner.koch@guug.de>
>
> pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>
>
> pub 1024D/5B0358A2 1999-03-15 Werner Koch
>
> but this doesn't prove it is his key, and this key IS NOT signed with
> any other but itself, and again, his 57548DCD is not signed with
> 0C9857A5. Well, even if they were... who would know?
>
>
> Regards,
>
> --
> Horacio Anno MMDCCLII ad Urbe condita
> mailto:homega@ciberia.es
> ~ Spain ~Spanje ~ Spanien
> --------------------------------------------------------------------
> Key fingerprint = F4EE AE5E 2F01 0DB3 62F2 A9F4 AD31 7093 4233 7AE6
>