trust owner => trust his key?

Hans Ekbrand hans.ekbrand at
Thu Jan 25 15:41:48 CET 2007

Hi gnupg-user!

I am new to the list. I have used gnupg for quite some time, mostly
for signing.

I use debian and have installed the package "debian-keyring" which holds the
public keys for the debian developers.

I have added a directive to .gnupg/gpg.conf to reflect this:

keyring /usr/share/keyrings/debian-keyring.gpg

Now I trust that these keys are valid (belong the right persons),
since debian seems to have good process for establishing that.

I don't want to sign these keys myself, since I haven't checked the
validity of them. I belive in the validity of them, but I would not to
vouch for it.

I thought that if I put "Full" owner trust to some of the developers
that would make all the keys valid (provided that enough of the
developers had signed each others keys). (Based on a large number of
emails I have read from debian-developers, I do trust some of them).

Putting "Full" owner trust in one person didn't implicate that his key
was valid, which come to a suprise to me.

To sum up, I have two questions:

a) Why does not "Full" owner trust of a person implicate that that
   persons key is valid? (If he can correctly validate correspondence
   between other persons and keys why not trust him to do that on his
   own key too?)

b) What should I do for gpg to recognise the keys in debian-keyring as
   valid (should I sign them myself)?

Hans Ekbrand ( <hans at>
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : /pipermail/attachments/20070125/654ba16e/attachment.pgp 

More information about the Gnupg-users mailing list