PGP signatures.
Aaron Konstam
akonstam at sbcglobal.net
Wed May 28 13:04:25 UTC 2008
On Tue, 2008-05-27 at 22:10 -0400, Todd Zullinger wrote:
> Aaron Konstam wrote:
> > I have the file set up as you indicate and evolution indicates the
> > key is invalid. Maybe its evolutions fault.
>
> The issue that I was responding to was getting the key automatically
> retrieved from a keyserver. That is a separate issue from validating
> the key. If evolution tells you that the key is invalid, it would
> indicate to me that it did retrieve the key correctly. It then could
> not find any trusted signatures on that key, thus the key is
> "invalid."
>
> For a key to be valid, it needs to be signed by a key to which you
> have given sufficient trust. Your own key is ultimately trusted. You
> can assign various levels of trust to other keys (once they have been
> signed by a trusted key). By default, gpg will consider a key valid
> if it signed by at least one fully or ultimately trusted key, or by 3
> or more marginally trusted keys.
Ok, I agree with your analysis. It can't be ruled as invalid if had not
been retrieved. But I am ignorant. I do not know how to do the signing
processes you describe. Is there a simple explanation available?
--
=======================================================================
Beware of the Turing Tar-pit in which everything is possible but nothing
of interest is easy.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam at sbcglobal.net
More information about the fedora-list
mailing list