This is indeed an issue, since from the web of trust perspective, a user should trust the key itself only if it is "valid".
By setting "trust" in a key, you actually only trust keys signed by that key. See: http://www.gnupg.org/documentation/faqs.en.html#q4.7 I've commented on this more detailed, upstream: http://bugzilla.gnome.org/show_bug.cgi?id=571688#c2 -- a key is put in "trusted keys" without it is signed https://bugs.launchpad.net/bugs/328735 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
