GnuPG distribution key with no trust

mailinglisten at mailinglisten at
Mon May 31 23:08:39 CEST 2021


is there a reason why the new software distribution key for GnuPG (
0x528897B826403ADA ) comes with no chain of trust at all? It does not
have any signature from any preceding key.

Past distribution keys like 0x53B620D01CE0C630 had signatures from other
keys you might have trusted like e.g. 0x5DE249965B0358A2

This makes it virtually impossible to build any trust in this new
distribution key.

Not signing such an important key with its predecessor is a severe
neglect of trust IMHO.


More information about the Gnupg-users mailing list