GnuPG distribution key with no trust

Werner Koch wk at
Thu Jun 10 21:33:53 CEST 2021

On Mon, 31 May 2021 21:08, mailinglisten--- said:
> Hello,
> is there a reason why the new software distribution key for GnuPG (
> 0x528897B826403ADA ) comes with no chain of trust at all? It does not
> have any signature from any preceding key.

I see

pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
uid           [  full  ] Werner Koch (dist signing 2020)
sig!3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
sig!         249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
sig!         63113AE866587D0A 2020-08-24  wk at
sig!         E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)

But you are right, the distributed key (gnugp tarball, website) has the
key signatures removed.  The problem is that you won't receive any key
signature from the usual keyserver.

I'll see that we can update the keys on the web and in gnupg.  The above
mentioned key with all key sigs is attached.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 6DAA6E64A76D2840571B4902528897B826403ADA.asc
Type: application/pgp-keys
Size: 1459 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list