On Sun, May 13, 2012 at 03:02:02PM +0100, Phil Dobbin wrote:
> If that was the strategy everybody adopted with PGP, there'd be very
> few, if any, keys signed, ever.

This *is* the strategy that most people use for PGP.

> Thanks for the advice but I think I'll pass.

You are entitled to maintain whatever local policy for signing you want: but, it weakens your position in a web of trust if your signatures are 'weaker' than other people's. It means any trust path that flows through a signature of yours is suspect.

GPG lets you choose a 'trust level' for keys. I'd suggest at least using a low-level value for keys you haven't validated.

--
Jon Dowland

