GnuPGP-Download

Werner Koch wk@gnupg.org
Sun, 5 Dec 1999 00:45:38 +0100


 On Sat, Dec 04, 1999 at 08:14:17PM +0100
 Thilo Barth wrote:


> Thus the signature of the GnuPG package is a dazzle -- werner's current
> public key is neither incorporated into a web-of-trust nor certified by
> any CA, which is a non-tolerable situation for such an ambitious
Did you read the README? Did you noticed that it is signed with my old RSA key which in turn is very good connected and printed in the GTR? The fingerprint of the signing key is inside this README file (see "How to verify the source" point a). Furthermore the signing key 57548DCD is signed by my signature-only key 5B0358A2 which in turn is signed by my old RSA key. So where is the problem? -- Werner Koch at guug.de www.gnupg.org keyid 621CC013