> thomas@ga-78:~$ gpg --recv-keys 7C174863 > gpg: Schlüssel 7C174863 von hkp-Server keys.gnupg.net anfordern > gpg: /home/thomas/.gnupg/trustdb.gpg: trust-db erzeugt > gpg: Schlüssel 7C174863: Öffentlicher Schlüssel "Stig Roar Wangberg > <s...@openmailbox.org>" importiert > gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1 > gpg: importiert: 1 (RSA: 1) > > > > You can also type in my email address in gpg.mit.edu. > > But I'm really curious if my public key-block is supposted to be > > attached to my signature? The 7C174863 is already there, yes? > > gpg: Signature at the Sa 20 Feb 2016 16:56:34 CET with RSA key, ID > 7C174863 > > > I don't > > know what people usually do. Probably compare the fingerprints with each > > other before they sign and trust. How Evolution works, I really don't > > know. > > > > My key weren't confirmed in my sent messages before I trusted my own > > key. So I guess that's what other people that trust me have to do too. > > Let's see now I once imported your PK ... :-)
Like others have pointed out. You can't sign nor trust my public key, only because you found it on a server, or in my signature. Because you simply don't know who I am. Or if I'm The Stig at all. I barely even sign/trust keys belonging to people I have actually met. I've only signed two of many keys. I don't encrypt just for fun, and when I do, I usually don't use this email address. People working with this for years have much sensible to say about this. And when it comes to Evolution, it only recognize those keys I already added to my key-ring. People I know but not necessarily trust. And there is definitely no need to sign or trust a key belonging to a stranger in a mailing list. :) Best regards, Stig
signature.asc
Description: This is a digitally signed message part
_______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
