David T-G <[EMAIL PROTECTED]> writes:
> % What do you guys do? Put up with the warning? Sign the key even if
> % you're not sure? Use the X-PGP-Fingerprint header as a second
> % validation? Use fingerprints in signatures?
>
> I just put up with it unless I have the opportunity to meet up with
> someone. I'm considering using --lsign-key to keep things quiet but
> I then need to figure out how to differentiate between locally
> signed and globally signed keys for when I "care".
I accidentally used --lsign-key once, and I recall having a bitch of a
time when my friend and I couldn't figure out why my signature wasn't
showing up on his key on the keyservers :P
I think the best practice is to just not sign a key unless you meet
in person and verify identity, otherwise, just deal with the
warning. (it is there for a reason, after all :)
ttyl,
--
Josh Huber
