Copy Current GPG Installation to Another Server
peter at digitalbrains.com
Tue Mar 17 21:54:36 CET 2015
>> -----Original Message-----
>> From: Doug Barton [mailto:dougb at dougbarton.email]
>> Sent: Tuesday, March 17, 2015 3:07 PM
>> To: Clark Rivard
>> Subject: Re: Copy Current GPG Installation to Another Server
>> gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID
>> gpg: Good signature from "Werner Koch (dist sig)" [unknown]
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg: There is no indication that the signature belongs to the
>> You can safely ignore the warning, it simply means that you have not
>> validated the key yourself, which when it comes to signed packages is
>> not really a necessity.
Why is that? I understand getting a validated key can be tricky in
practice, but on the other hand, using *just* a short key ID to do your
verification feels like the other end of the spectrum... I think you
should at least verify the fingerprint on a web site or something.
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users