On Sat, 22 Mar 2025 17:16:38 -0400 "K. M. Peterson via Gnupg-users" <gnupg-users@gnupg.org> wrote:

> I am still somewhat unclear about and sadly unaware of the current
> state of the world of keyservers;

The keyserver concept is broken since there were some attacks in the past, and there are GDPR issues, too. A modified setup is still available, but WKD is an alternative and some users' keys are here and some there.

> While the gnupg-announce emails cover where/how to verify the
> artifacts from the project, the emails themselves I receive seem to
> be signed by a key that I'm unable to either verify or add to my
> keyring to trust. In particular, my client informs me that the mail
> is signed by a key with fingerprint
> 0x8777461F2A074EBC480D359419CC1C9E085B107A - but I can't find that on
> any of the keyservers that I can access.

This seems to be Werner's key, but it is the fingerprint of a subkey. The key is AFAIK not on a keyserver but it should be available via WKD:

$ gpg -v --auto-key-locate clear,wkd,nodefault --locate-external-keys w...@gnupg.org

Once Werner's key is imported or updated, it should show up:

$ gpg --list-keys --with-fingerprint --with-fingerprint | grep -B2 "8777 461F 2A07 4EBC 480D 3594 19CC 1C9E 085B 107A"

The option for the fingerprint is invoked twice.

-- 
kind regards
Frank
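
Added example, not part of the original message: a small shell function that reads gpg's colon-format listing and reports whether a fingerprint belongs to a primary key or to a subkey, and which primary key owns it. The names classify_fpr and sample_listing are hypothetical, and the sample listing is constructed (placeholder primary key, algorithm and dates); only the subkey fingerprint comes from the thread.

```shell
#!/bin/sh
# classify_fpr FINGERPRINT
# Reads `gpg --with-colons` key-listing records on stdin and prints
#   "primary <fpr>"                  if FINGERPRINT is a primary key, or
#   "subkey-of <primary fpr> <caps>" if it is a subkey.
# Returns 1 when the fingerprint is not in the listing.
classify_fpr() {
    # Accept "0x..." and space-grouped forms; compare in upper case.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    want=${want#0[xX]}
    awk -F: -v want="$want" '
        # pub/sec open a primary key, sub/ssb a subkey; field 12 = capabilities.
        $1 == "pub" || $1 == "sec" { kind = "pub"; caps = $12; next }
        $1 == "sub" || $1 == "ssb" { kind = "sub"; caps = $12; next }
        # An fpr record carries the fingerprint of the preceding key in field 10.
        $1 == "fpr" {
            if (kind == "pub") primary = $10
            if ($10 == want) {
                if (kind == "pub") print "primary " $10
                else print "subkey-of " primary " " caps
                found = 1
                exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample listing (placeholder values, not a real keyring dump).
sample_listing() {
    cat <<'EOF'
pub:-:255:22:AAAAAAAAAAAAAAAA:1600000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
sub:-:255:22:19CC1C9E085B107A:1600000000::::::s:
fpr:::::::::8777461F2A074EBC480D359419CC1C9E085B107A:
EOF
}

# Demo on the constructed sample. On a real keyring, pipe in
#   gpg --list-keys --with-colons --with-fingerprint --with-fingerprint
sample_listing | classify_fpr "0x8777461F2A074EBC480D359419CC1C9E085B107A"
```

The "s" capability in the result marks a signing subkey, which is why a mail client reports that fingerprint rather than the primary key's.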