Hi, On Fri, 26 Aug 2016 at 08:33:36 +0100, Leah Rowe wrote: > Op 26/08/16 om 01:15 schreef Guilhem Moulin: >> Would you mind cross-signing these 3 keys (and uploading them to >> the keyserver pool afterwards)? This should be enough to connect >> the new release signing key to the strong set, and therefore help >> people to establish trust path to it. > > I can't use the old signing key (I lost it)
I see. This is unfortunate, but FYI this is why it's good idea to
generate a revocation certificate right after generating an OpenPGP key:
it allows revocating the key even when the private has been lost.
> but I signed it with my email key, the info I use for this email
> address.
Have you uploaded the (signed) key somewhere? The one available on the
keyserver pool has only self-signatures:
http://keys.mayfirst.org/pks/lookup?search=0x969A979505E8C5B2&fingerprint=on&op=vindex
and so is the one found at <https://libreboot.org/gpg/lbkey.asc>.
> Others have verified this key so this should be enough.
This is indeed better than nothing :-)
Cheers,
--
Guilhem.
signature.asc
Description: PGP signature
