On Tue, Apr 5, 2022 at 4:49 PM Johan Corveleyn <jcor...@gmail.com> wrote:
>
> Thanks all for sharing your gpg key hurdles. It saved me a lot of time
> when I ran into the same issues while verifying Mark's signature :-).
>
> 1. Signature algorithm not recognized
> -> updated my gpg to latest version (2.3.4)

When I was faced with that prompt to create the key I was thinking I should just choose RSA but so many of the docs say not to use it.

>
> 2. keyserver problem when running 'gpg --refresh-keys'
> -> put 'keyserver hkp://keyserver.ubuntu.com' into my
> %APPDATA%/gnupg/gpg.conf like Julian did
>
> 3. Mark's key unknown
> -> executed 'gpg --recv-key EC25FCC105618D04ADB43429C4416167349A3BCB' to get
> it
>
> 4. Signature verified OK, but Mark's key not trusted, which, as Nathan
> also said, is normal because it hasn't been cross-signed by anyone
> in my "web of trust". Okay, it's in the KEYS file (i.e. part of the
> Apache records for Mark's id). This is as good as we can do, so +1.

I am surprised that you all try to verify to this depth. I always just treated the signatures like a slightly better sha1 and did a simple gpg --verify to see if the signature was valid? Did you all cross sign each other's keys at one of the old developer meetups or something?

Mark
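
The gap between a bare `gpg --verify` and the KEYS-file check discussed in this thread, as an added example that is not part of the original message: a POSIX shell function that reads gpg's `--status-fd` output and accepts a signature only when it is valid and was made by the pinned primary fingerprint, reporting the web-of-trust level without relying on it. The function name, the file names in the usage comment and the sample status lines are constructed; the pinned fingerprint is the one quoted in the message, which a verifier would take from the project's KEYS file.

```shell
# check_release_sig PINNED_FPR   (gpg --status-fd lines on stdin)
# Hypothetical helper: returns 0 only if a valid signature was made by the
# key whose primary fingerprint equals PINNED_FPR (taken from the KEYS file).
# Real use (file names are placeholders):
#   gpg --status-fd 1 --verify release.tar.gz.asc release.tar.gz 2>/dev/null \
#     | check_release_sig EC25FCC105618D04ADB43429C4416167349A3BCB
check_release_sig() {
    # Normalise the pinned value: drop spaces, upper-case the hex digits.
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v pinned="$pinned" '
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature must not be relied on.
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "NO_PUBKEY" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = $2 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint; the 12th
        # field, when present, is the primary key fingerprint.
        $2 == "VALIDSIG" { fpr = toupper(NF >= 12 ? $NF : $3) }
        # Web-of-trust level: reported, never used for the decision.
        $2 ~ /^TRUST_/ { trust = $2 }
        END {
            if (trust == "") trust = "TRUST_UNKNOWN"
            if (bad != "")     { print "FAIL " bad; exit 1 }
            if (fpr == "")     { print "FAIL no VALIDSIG"; exit 1 }
            if (fpr != pinned) { print "FAIL unpinned key " fpr; exit 1 }
            print "OK " fpr " (" trust ")"
        }'
}

# Constructed sample: good signature from a key outside the web of trust.
SAMPLE_STATUS='[GNUPG:] GOODSIG C4416167349A3BCB Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG EC25FCC105618D04ADB43429C4416167349A3BCB 2022-04-05 1649160000 0 4 0 22 10 00 EC25FCC105618D04ADB43429C4416167349A3BCB
[GNUPG:] TRUST_UNDEFINED 0 pgp'

printf '%s\n' "$SAMPLE_STATUS" \
    | check_release_sig EC25FCC105618D04ADB43429C4416167349A3BCB
```

A signature that is cryptographically valid but made by any other key in the local keyring fails this check, which is the case a plain exit-code test on `gpg --verify` does not distinguish.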