Charly Avital wrote on 19.01.2008 18:26: > Vlad "SATtva" Miller wrote the following on 1/19/08 6:01 AM: > [...] > | Here for example (in the bottom) you may see two subkeys with binding > | signatures expired at 2007-12-31: > | > http://pool.sks-keyservers.net:11371/pks/lookup?search=0x8443620A&op=vindex > > So it is. > > | But if you look at the original copy you'll see that all regenerated > | sigs are in place: > | http://www.vladmiller.info/contacts/openpgp.txt > > After importing that keyblock: [snip] > [name]$ gpg --edit-key 8443620A > gpg (GnuPG) 1.4.8; Copyright (C) 2007 Free Software Foundation, Inc. > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > > pub 4096R/8443620A created: 2006-12-21 expires: never usage: SC > ~ trust: unknown validity: unknown
. vvvvvvvvvvvvvvvvvvv > sub 2048R/070E0B73 created: 2006-12-21 expires: 2010-01-01 usage: S > sub 2048R/7D57ED51 created: 2006-12-21 expires: 2010-01-01 usage: E . ^^^^^^^^^^^^^^^^^^^ So here's an explicit distinction between what we got from a keyserver and from the gpg output. [snip] > In my system now: > > I have not signed your key And you should not. -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users