Brad Rogers writes: > Yes, you've got the right key, and it *has* verified. However, since > Andrei's key is not included in your web-of-trust, GPG gives the warning. > A valid signature != a trusted signature.
Such signatures can serve a useful purpose, though. You may not have a trust path to him but you can be fairly sure that all messages with that signature came from the same person. > If they have, I'd be suspicious, because nobody has ever contacted me to > verify my ID. "ID" is a slippery concept. What does it mean to "know who someone is"? -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
