can someone verify the gnupg Fingerprint for pubkey?

Peter Lebbing peter at
Sat Jun 9 17:57:04 CEST 2012

On 09/06/12 17:17, Robert J. Hansen wrote:
> My bootstrap is "I trust my Linux distribution."  My distro is a trusted
> software provider, in the traditional security sense of a "trusted
> provider".  If I receive software from an official Fedora repo and it is
> signed by the repo release team, that's good enough for me.

Suppose you would want to build from the vanilla source downloaded from and signed by "Werner Koch (dist sig)", how would you verify
authenticity of that key?

I also just trust the Debian repo for my software. Unfortunately, the problem is
just transferred to the signature on the ISO I download to install Debian on a
new system. I do the same: download the sig from various places and compare the


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

More information about the Gnupg-users mailing list