Am Donnerstag 07 April 2011 21:08:44 schrieb Daniel Kahn Gillmor: > > and mark it as "trusted-key" in the config file. > > I don't think this is either necessary or advisable.
I must admit that I haven't checked what happens during batch processing. If root does not have an own key for signing the public key in its own key ring then a warning occurs in interactive operation. If the untrusted public key is used anyway in batch mode then it is not necessary to mark it as "trusted- key". > If i understand > the docs correctly, it is equivalent to setting ultimate ownertrust on > the key, which has other consequences you might not intend. I don't see any problem there. Either root has its own key then this would be used for signing the public key instead of marking it as "trusted-key" or root does not have an own key then it is improbable that validity calculations are made by root gpg. But the better solution would be to sign it with the user key, import the public user key to the root key ring, import the signed other public key and mark the user key as "trusted-key". Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users