>> -----Original Message----- >> From: Doug Barton [mailto:dougb@dougbarton.email] >> Sent: Tuesday, March 17, 2015 3:07 PM >> To: Clark Rivard >> Subject: Re: Copy Current GPG Installation to Another Server >> gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID >> 4F25E3B6 >> gpg: Good signature from "Werner Koch (dist sig)" [unknown] >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner. >> >> You can safely ignore the warning, it simply means that you have not >> validated the key yourself, which when it comes to signed packages is >> not really a necessity.
Why is that? I understand getting a validated key can be tricky in practice, but on the other hand, using *just* a short key ID to do your verification feels like the other end of the spectrum... I think you should at least verify the fingerprint on a web site or something. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users