martin f. krafft [2017-06-21 11:03:40+02] wrote:
> 24 duplicate signatures removed
>
> That's a bit weird. Where do these come from?
I've seen the message with other keys too, just after --edit-key. The
number of duplicate signatures varies. Next --refresh-keys command
downloads the signatures
On Tue, Jun 20, 2017 at 01:56:57PM -0400, Daniel Kahn Gillmor wrote:
Hi Rex--
On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote:
root@debian-rig:/home/rexk# wget -qO -
https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
gpg: WARNING: nothing exported
gpg: no valid
Hey,
My key on the keyservers is 0x55C9882D999BBCC4. If I download this
to a fresh keyring, I get some weird behaviours:
% alias gpg='gpg --homedir=.'
% gpg --recv-key 0x55C9882D999BBCC4
gpg: keybox '/home/ssd/madduck/.tmp/cdt.p0R8ly/pubring.kbx' created
gpg:
Hi,
At Tue, 20 Jun 2017 15:34:44 +0200,
martin f krafft wrote:
> I've spent some time trying to figure out how to make actual use of
> the web-of-trust (the "pgp" trust-model), and I am turning to this
> list for some advice, related to a couple of questions:
>
> 1. My public keyring has several
also sprach Neal H. Walfield [2017-06-21 11:53 +0200]:
> > 3. Is there a way to run --check-trustdb or --update-trustdb not
> >over the entire key graph, but only traversing to a certain depth
> >starting from a specific key? Then I could tell parcimonie to run
> >
martin f krafft writes:
> And then check this out:
>
> % gpg --edit-key 0x55C9882D999BBCC4
> gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the
At Wed, 21 Jun 2017 13:55:52 +0200,
martin f krafft wrote:
>
> also sprach Neal H. Walfield [2017-06-21 11:53 +0200]:
> > > 3. Is there a way to run --check-trustdb or --update-trustdb not
> > >over the entire key graph, but only traversing to a certain depth
> > >
martin f krafft writes:
> Hey,
>
> My key on the keyservers is 0x55C9882D999BBCC4. If I download this
> to a fresh keyring, I get some weird behaviours:
gpg --version please?
> % alias gpg='gpg --homedir=.'
I tend to do: $ export GNUPGHOME=$(mktemp -d)
> So far, so
On Fri 2017-06-16 10:06:38 +0300, Teemu Likonen wrote:
> My question is simple (kind of): In what situations would you revoke a
> certificate that you have made on someone else's key? (Technically:
> --edit-key + revsig.)
That action would be me saying "i no longer believe that this key is
only
On Wed, 21 Jun 2017 19:02:26 +0200, Peter Lebbing wrote:
> On 08/06/17 22:33, Stefan Claas wrote:
> > I did a test today with Enigmail and with TOFU in command line mode.
> > I posted 3 messages with a fantasy name to a Usenet test group where
> > the 3rd message was signed with a fake key and
Daniel Kahn Gillmor [2017-06-21 14:03:00-04] wrote:
> in the abstract:
>
> * i learned via some channel i consider trustworthy that this key isn't
>appropriate for use with this User ID any more.
>
> more concretely:
>
> * "I had lunch with Sarah and she told me she'd lost access to her
>
On 21/06/17 20:49, Peter Lebbing wrote:
> which would still
> be marginally safe until computers are much faster, and certainly not a
> short ID which is utterly unsafe and has always been.
Which *might* still be marginally safe. I haven't done any actual
calculations, and I want to seriously
On Wed, 21 Jun 2017 19:11, pe...@digitalbrains.com said:
> I think this is because of an expired certificate for versions.gnupg.org:
Sorry for this. Fixed.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpLUBTrl8Z_C.pgp
Description: PGP
On Wed, 21 Jun 2017 21:04:09 +0200, Peter Lebbing wrote:
> On 21/06/17 20:49, Peter Lebbing wrote:
> > which would still
> > be marginally safe until computers are much faster, and certainly
> > not a short ID which is utterly unsafe and has always been.
>
> Which *might* still be marginally
On 21/06/17 20:30, Stefan Claas wrote:
> Technically spoken Enigmail showed all three messages as "Untrusted
> Good Signature from Ernst Mustermann etc. , because i have not signed
> the first key locally, to get for the first two messages a green bar
> in Enigmail.
Or either:
- Used
On 2017/06/20 14:34, martin f krafft wrote:
> 5. Has anyone come up with a smart way to keep pubring/trustdb
>synchronised between multiple workstations?
I have a quick and dirty tool here:
https://github.com/andrewgdotcom/synctrust
A
signature.asc
Description: OpenPGP digital signature
Hi Martin,
On Wed, 21 Jun 2017 at 11:03:40 +0200, martin f krafft wrote:
> And then check this out:
>
> % gpg --edit-key 0x55C9882D999BBCC4
> […]
>
> key 55C9882D999BBCC4:
> 24 duplicate signatures removed
>
> That's a bit weird. Where do these come from?
The OpenPGP packets were not ordered
On 21/06/17 17:14, murphy wrote:
> download of swdb.lst failed.
I think this is because of an expired certificate for versions.gnupg.org:
$ wget -S https://versions.gnupg.org/swdb.lst
--2017-06-21 19:11:03-- https://versions.gnupg.org/swdb.lst
Resolving versions.gnupg.org
On 18/06/17 03:48, Christopher Jones wrote:
> It's a task to setup gpg on new boxes: Import pub key, ultimately trust
> my key, and muck around with gpg and ssh agents.
If all you want to do is SSH, you don't need your key, so it reduces to
"muck around with gpg and ssh agents". As long as
Hi all - during a routine build of gnupg-2.1.21 for Ubuntu 16.04 LTS a
speedo build from source that has consistently worked as recently as a
few days ago has now consistently hung up. This is true on a Raspberry
Pi 3 armhf environment as well as Ubuntu linux. The offending command
seems to be:
On 08/06/17 22:33, Stefan Claas wrote:
> I did a test today with Enigmail and with TOFU in command line mode.
> I posted 3 messages with a fantasy name to a Usenet test group where
> the 3rd message was signed with a fake key and Enigmail showed me this:
>
> UNTRUSTED Good signature from Ernst
21 matches
Mail list logo