On 20 July 2011 11:06, Nick <suckless-...@njw.me.uk> wrote: > But just downloading the key from a keyserver, even if it isn't > trusted by your web of trust, is better than e.g. just > distributing a hash, [...]
The concept of PGP trust lies in the Web-of-Trust, nowhere else. If you don't find a trust-path from you to the signing key, then the signature does only provide the information of a checksum hash. meillo