trust owner => trust his key?
Hans Ekbrand
hans.ekbrand at gmail.com
Thu Jan 25 15:41:48 CET 2007
Hi gnupg-user!
I am new to the list. I have used gnupg for quite some time, mostly
for signing.
I use debian and have installed the package "debian-keyring" which holds the
public keys for the debian developers.
I have added a directive to .gnupg/gpg.conf to reflect this:
keyring /usr/share/keyrings/debian-keyring.gpg
Now I trust that these keys are valid (belong the right persons),
since debian seems to have good process for establishing that.
I don't want to sign these keys myself, since I haven't checked the
validity of them. I belive in the validity of them, but I would not to
vouch for it.
I thought that if I put "Full" owner trust to some of the developers
that would make all the keys valid (provided that enough of the
developers had signed each others keys). (Based on a large number of
emails I have read from debian-developers, I do trust some of them).
Putting "Full" owner trust in one person didn't implicate that his key
was valid, which come to a suprise to me.
To sum up, I have two questions:
a) Why does not "Full" owner trust of a person implicate that that
persons key is valid? (If he can correctly validate correspondence
between other persons and keys why not trust him to do that on his
own key too?)
b) What should I do for gpg to recognise the keys in debian-keyring as
valid (should I sign them myself)?
--
Hans Ekbrand (http://sociologi.cjb.net) <hans at sociologi.cjb.net>
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : /pipermail/attachments/20070125/654ba16e/attachment.pgp
More information about the Gnupg-users
mailing list