Access to only via TLS

Werner Koch wk at
Thu May 1 14:55:51 CEST 2014

On Wed, 30 Apr 2014 21:36, at said:

>                I'm thinking, now you are using CAcert certificates,
> would it be possible to get a CAcert signature on the gpg signing key
> for GnuPG releases? I know the signing key has been said to be "well

If they wish to do that they can certainly do so.  I have been an an
CAcert assurer for many years.

Regarding the release signing key:

pub   rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31]
uid                  Werner Koch (dist sig)
sig!3        4F25E3B6 2011-01-12  Werner Koch (dist sig)
sig!         1CE0C630 2011-01-12  Werner Koch (dist sig) <dd9jn at>
sig!         1E42B367 2011-01-12  Werner Koch <wk at>
sig!         1CE0C630 2011-01-12  Werner Koch (dist sig) <dd9jn at>

Now check my primary key:

$ gpg2 --check-sigs --with-colons 1E42B367 \
   | awk -F: '$1=="sig" && $2=="!" {print $5}' | sort | uniq | wc -l

(plus 28 signatures not checked due to missing keys.  Which probably
means that I didn't signed their key)

I see more than 70 unique signers since 2008.  Of course it is also
signed by my old key which has 308 still valid signers.  That key used
to be on rank 2 of that key signing fun list - up until the KDE and
Debian guys entered the game ;-)



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list