Jp Calderone wrote: > The required key is indicated in the message. You just need to retrieve it: > > gpg --import 41C6E930 > > Re-running --verify should now work.
Partially, yes: it will verify that the signature was made by the public key with that key ID. That doesn't mean you know for sure that the person you assume to be behind the key really is the "owner" of the key. For that, you would actually have to validate the public key, e.g. by looking at the signatures on the public key, and checking whether you recognize them, and whether you believe they would only sign keys for people they have verified in person. This is nothing cheeseshop could help with: the web of trust really is between people, not between technology. Regards, Martin _______________________________________________ Catalog-sig mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
