GnuPG distribution key with no trust
mailinglisten at posteo.de
mailinglisten at posteo.de
Sat Jun 12 22:00:20 CEST 2021
Am 10.06.21 um 21:33 schrieb Werner Koch:
> On Mon, 31 May 2021 21:08, mailinglisten--- said:
>> Hello,
>>
>> is there a reason why the new software distribution key for GnuPG (
>> 0x528897B826403ADA ) comes with no chain of trust at all? It does not
>> have any signature from any preceding key.
>
> I see
>
> pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
> 6DAA6E64A76D2840571B4902528897B826403ADA
> uid [ full ] Werner Koch (dist signing 2020)
> sig!3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020)
> sig! 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig)
> sig! 63113AE866587D0A 2020-08-24 wk at gnupg.org
> sig! E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing)
>
> But you are right, the distributed key (gnugp tarball, website) has the
> key signatures removed. The problem is that you won't receive any key
> signature from the usual keyserver.
>
> I'll see that we can update the keys on the web and in gnupg. The above
> mentioned key with all key sigs is attached.
Indeed, the keyserver issue is a real pain that probably won´t go away
soon... Lucky to have your own hosted web site or mail provider
supporting WKD...
Thanks for all efforts!
regards
More information about the Gnupg-users
mailing list