GnuPG distribution key with no trust

mailinglisten at mailinglisten at
Sat Jun 12 22:00:20 CEST 2021

Am 10.06.21 um 21:33 schrieb Werner Koch:
> On Mon, 31 May 2021 21:08, mailinglisten--- said:
>> Hello,
>> is there a reason why the new software distribution key for GnuPG (
>> 0x528897B826403ADA ) comes with no chain of trust at all? It does not
>> have any signature from any preceding key.
> I see
> pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
>       6DAA6E64A76D2840571B4902528897B826403ADA
> uid           [  full  ] Werner Koch (dist signing 2020)
> sig!3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
> sig!         249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
> sig!         63113AE866587D0A 2020-08-24  wk at
> sig!         E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)
> But you are right, the distributed key (gnugp tarball, website) has the
> key signatures removed.  The problem is that you won't receive any key
> signature from the usual keyserver.
> I'll see that we can update the keys on the web and in gnupg.  The above
> mentioned key with all key sigs is attached.

Indeed, the keyserver issue is a real pain that probably won´t go away
soon... Lucky to have your own hosted web site or mail provider
supporting WKD...

Thanks for all efforts!

More information about the Gnupg-users mailing list