-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 03 October 2002 2:40 pm, Russell Coker wrote: > On Thu, 3 Oct 2002 15:17, Ben Burton wrote: > > > so you have to do > > > gpg --edit-key <email-address> > > > Command> sign > > > Command> trust > > > Command> save > > > > No! You should only ever sign a key if you can be sure the key belongs > > to the person who claims to own it. This generally means you have > > received the key (or its fingerprint) through a non-electronic medium - > > such as in person on a slip of paper - and you have verified the identify > > of its owner, such as by checking a drivers' license or passport. > > I was under the impression that the original message was about your own > key, which you should sign (keys that aren't self-signed are worthless). > Presumably you don't need to look at your own drivers' license. >
GPG changed recently in that it stopped ultimately trusting any key for which you have a private key. This means you have to edit your key and trust yourself. I would be surpised if someone had managed to create a key which hadn't been self-signed. However, that said, I was under the impression that the email bab followed up to was advocating signing keys willy nilly. Certianly how I read it. - -- David Pashley [EMAIL PROTECTED] Nihil curo de ista tua stulta superstitione. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9nFEGYsCKa6wDNXYRAqS9AJ0Rtt8yB0DjOYcbDI9z15SKx3/KMACghKB3 K8jCX+bg0vpgVbh3wxU15X0= =uFuM -----END PGP SIGNATURE-----
