Copy Current GPG Installation to Another Server

Peter Lebbing peter at
Tue Mar 17 21:54:36 CET 2015

>> -----Original Message-----
>> From: Doug Barton [mailto:dougb at]
>> Sent: Tuesday, March 17, 2015 3:07 PM
>> To: Clark Rivard
>> Subject: Re: Copy Current GPG Installation to Another Server
>> gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID
>> 4F25E3B6
>> gpg: Good signature from "Werner Koch (dist sig)" [unknown]
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg:          There is no indication that the signature belongs to the
>> owner.
>> You can safely ignore the warning, it simply means that you have not
>> validated the key yourself, which when it comes to signed packages is
>> not really a necessity.

Why is that? I understand getting a validated key can be tricky in
practice, but on the other hand, using *just* a short key ID to do your
verification feels like the other end of the spectrum... I think you
should at least verify the fingerprint on a web site or something.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list