Oohara Yuuma wrote: > When signing a GPG key, is it better to sign all of its uids, or > just an uid that I see relevant (such as the @debian.org one)? > I usually meet someone, get a hardcopy of the key fingerprint, > the e-mail address and so on, then check it later and sign the uid > which have that address in it. > > --
I prefer to validate each email address. It is mostly a personal preference but at least I know the uid was valid at one point. I have a uid associated with an employer account that I do not have access to. It makes no sense for someone to sign that uid and I will probably expire it soon. Richard
