can someone verify the gnupg Fingerprint for pubkey?

[Peter Lebbing]

On 09/06/12 17:17, Robert J. Hansen wrote:
> My bootstrap is "I trust my Linux distribution."  My distro is a trusted
> software provider, in the traditional security sense of a "trusted
> provider".  If I receive software from an official Fedora repo and it is
> signed by the repo release team, that's good enough for me.

Suppose you would want to build from the vanilla source downloaded from
gnupg.org and signed by "Werner Koch (dist sig)", how would you verify
authenticity of that key?

I also just trust the Debian repo for my software. Unfortunately, the problem is
just transferred to the signature on the ISO I download to install Debian on a
new system. I do the same: download the sig from various places and compare the
issuer.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt