Am 10.06.21 um 21:33 schrieb Werner Koch: > On Mon, 31 May 2021 21:08, mailinglisten--- said: >> Hello, >> >> is there a reason why the new software distribution key for GnuPG ( >> 0x528897B826403ADA ) comes with no chain of trust at all? It does not >> have any signature from any preceding key. > > I see > > pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] > 6DAA6E64A76D2840571B4902528897B826403ADA > uid [ full ] Werner Koch (dist signing 2020) > sig!3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020) > sig! 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig) > sig! 63113AE866587D0A 2020-08-24 w...@gnupg.org > sig! E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit > signing) > > But you are right, the distributed key (gnugp tarball, website) has the > key signatures removed. The problem is that you won't receive any key > signature from the usual keyserver. > > I'll see that we can update the keys on the web and in gnupg. The above > mentioned key with all key sigs is attached.
Indeed, the keyserver issue is a real pain that probably won´t go away soon... Lucky to have your own hosted web site or mail provider supporting WKD... Thanks for all efforts! regards _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users