Jean-Pierre Chrétien wrote: > gpg --keyserver wwwkeys.eu.pgp.net --recv-keys C7FB382D > > works fine. > Seems that gpg isn't packaged with a default keyserver on Debian Lenny.
sorry then... ;) > gpg: Good signature from "LyX Release Manager ... this is what you have been looking for. > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: FE66 471B 4355 9707 AFDA D955 DE7A 44FA C7FB 382D > > Is the warning OK ? it depends what you want. its good enough as a checksum, if you wanted to trust the package was not compromised it would need establish gpg web of trust which can be done only by signing the keys through social contact, not virtually. unless you join some pgp sign party this will be the case for all the keys you ever get through those servers, because you never know who sits behind them and who actually put the keys into the db... for this moment it is the best what you can get, since we have zero trust from the POV of gpg trust-web anyway (the key was created two days ago;) pavel
