Keys not trusted

Malte Gell malte_gell@t-online.de
Sat May 10 03:36:02 2003


=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

> On Tuesday 06 May 2003 9:58 pm, Malte Gell wrote:
> > By the way, if you want to get subscribed to lots of mailing lists,
> > the --auto-key-retrieve option may bloat your key ring in the long
> > run. It may contain lots of keys from people you may never have
> > contact with
>
> [snipped]
>
> I am subscribed to 10 mailing lists, on four of which I am a
> Moderator. I use the --auto-key-retrieve option always.
=2E
=2E
=2E
> I am surprised that you appear not to do this too.  Or am I unusual
> in my use of GPG?

Maybe it is me who is unusual in the way of using GPG ;-) I've used this=20
option for some time but I had the feeling that when enabled it made me=20
a bit lazy regarding checking the authenticity of the keys I retrieved.=20
So I disabled it and if there is a person whose key I realley need I=20
make more efforts to get his/her key and to check its authenticity,=20
with auto-key-retrieve enabled I tend to be too lazy to really check=20
the key's authenticity, that's all... On the other hand, if you check=20
your keyring everyweek then this is also a thorough way of keeping the=20
keyring tidy, it's just a matter of taste how to keep the keyring in=20
shape I think.

Regards
Malte

=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iEYEAREDAAYFAj68V7AACgkQGzg12gD8wBZYigCePab0LtoCLqP/qjLwMPfOB/ho
+78AoJmNhJb3PkAGVghG5Id/MiJhp5HR
=3D+jd9
=2D----END PGP SIGNATURE-----