Thomas Schmitt wrote:
>Hi,
>
>Andrew F Comly wrote:
>> gpg: WARNING: This key is not certified with a trusted signature!
>
>I wonder whom we could trust to certify the Debian gpg key ...
It's signed by a number of prominent DDs, including 2 DPLs and 2
Release Managers. Oh, and a number of idiots who don't understand GPG:
they have signed it and pushed signatures to the keyservers without
any fingerprint verification. :-(
It's also contained in the debian-role-keys keyring in the
debian-keyring package:
gpg --no-default-keyring -kvc --keyring
/usr/share/keyrings/debian-role-keys.gpg DA87E80D6294BE9B
pub 4096R/DA87E80D6294BE9B 2011-01-05
Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
uid Debian CD signing key <[email protected]>
sub 4096R/642A5AC311CD9819 2011-01-05
and the full fingerprint is also on the Debian website using https for
people who would rather trust that.
--
Steve McIntyre, Cambridge, UK. [email protected]
Armed with "Valor": "Centurion" represents quality of Discipline,
Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
concord the digital world while feeling safe and proud.
