On Thu, Jan 25, 2007 at 03:41:48PM +0100, Hans Ekbrand wrote:
> Hi gnupg-user!
>
> I am new to the list. I have used gnupg for quite some time, mostly
> for signing.
>
> I use debian and have installed the package "debian-keyring" which holds the
> public keys for the debian developers.
>
> I have added a directive to .gnupg/gpg.conf to reflect this:
>
> keyring /usr/share/keyrings/debian-keyring.gpg
>
> Now I trust that these keys are valid (belong to the right persons),
> since debian seems to have a good process for establishing that.
>
> I don't want to sign these keys myself, since I haven't checked the
> validity of them. I believe in the validity of them, but I would not want to
> vouch for it.
>
> I thought that if I put "Full" owner trust to some of the developers
> that would make all the keys valid (provided that enough of the
> developers had signed each other's keys). (Based on a large number of
> emails I have read from debian-developers, I do trust some of them).
>
> Putting "Full" owner trust in one person didn't implicate that his key
> was valid, which came as a surprise to me.
>
> To sum up, I have two questions:
>
> a) Why does not "Full" owner trust of a person implicate that that
> person's key is valid? (If he can correctly validate correspondence
> between other persons and keys why not trust him to do that on his
> own key too?)

Owner trust doesn't mean "I trust this person" or "I trust that this
key belongs to the person it seems to". It actually means "I trust
this key to sign other keys". If you want to make a key valid, you
need to either sign it yourself (you can use 'lsign' if you want to
make a local signature that is for your own use, or 'sign' if you want
to make the signature publicly for anyone to use). Once a key is
valid, then its owner trust is taken into account with making keys
that it signed also valid.

> b) What should I do for gpg to recognise the keys in debian-keyring as
> valid (should I sign them myself)?

You were on the right track before. Just instead of giving full owner
trust to some of the developers, lsign their keys also.

David
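
The distinction between validity and owner trust drawn in the reply above, as an added example that is not part of the original thread and is not GnuPG's code: a simplified Python model of the classic trust calculation using GnuPG's default thresholds. The key names (`me`, `dev_a`, `dev_b`, `dev_c`) and the signature graph are constructed, and the model ignores expiry, revocation and trust signatures.

```python
# Simplified model of GnuPG's classic trust calculation (added example).
COMPLETES_NEEDED = 1  # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3  # GnuPG default for --marginals-needed
MAX_CERT_DEPTH = 5    # GnuPG default for --max-cert-depth


def valid_keys(signatures, ownertrust):
    """Return the set of keys the model considers valid.

    signatures: signer -> set of keys it has signed ('sign' or 'lsign')
    ownertrust: key -> "ultimate" | "full" | "marginal"
    """
    # Only ultimately trusted keys (your own) are valid without a signature.
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    for _ in range(MAX_CERT_DEPTH):
        full, marginal = {}, {}
        # Owner trust is consulted only for signers that are already valid.
        for signer in valid:
            trust = ownertrust.get(signer)
            for target in signatures.get(signer, ()):
                if trust in ("ultimate", "full"):
                    full[target] = full.get(target, 0) + 1
                elif trust == "marginal":
                    marginal[target] = marginal.get(target, 0) + 1
        newly = {k for k in set(full) | set(marginal)
                 if full.get(k, 0) >= COMPLETES_NEEDED
                 or marginal.get(k, 0) >= MARGINALS_NEEDED} - valid
        if not newly:
            break
        valid |= newly
    return valid


# Constructed signatures already present in the keyring: a -> b -> c.
KEYRING_SIGS = {"dev_a": {"dev_b"}, "dev_b": {"dev_c"}}


def scenario(lsigned, trusted):
    """Validity after 'me' lsigns `lsigned` and sets full trust on `trusted`."""
    sigs = dict(KEYRING_SIGS, me=set(lsigned))
    trust = {"me": "ultimate", **{k: "full" for k in trusted}}
    return valid_keys(sigs, trust)


if __name__ == "__main__":
    print(sorted(scenario(lsigned=[], trusted=["dev_a"])))         # owner trust only
    print(sorted(scenario(lsigned=["dev_a"], trusted=["dev_a"])))  # lsign + owner trust
```

The first scenario is the situation in the question: full owner trust on a key that is not itself valid changes nothing. The second is the fix from the reply: once `dev_a` is lsigned, its owner trust makes the keys it signed valid as well.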
