Not a gnupg problem. If the root cause for this behaviour is the
failure to link against libcurl, it's either the openssl ebuild or
openssl's own build system. I suspect the latter ...
# equery u openssl
[ Legend : U - final flag setting for installation]
[: I - package is installed with f
On 2015-02-10 12:28, Peter Lebbing wrote:
> On 09/02/15 20:34, Daniel Kahn Gillmor wrote:
> > the *date* of your "key was superceded" revocation is relevant,
> > though. Any certifications that claim to have happened after the date
> > of the revocation *should* be considered invalid, whereas revoc
On 09/02/15 20:34, Daniel Kahn Gillmor wrote:
> the *date* of your "key was superceded" revocation is relevant,
> though. Any certifications that claim to have happened after the date
> of the revocation *should* be considered invalid, whereas revocations
> that happen before that date (but after t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/10/2015 12:28 PM, Peter Lebbing wrote:
> On 09/02/15 20:34, Daniel Kahn Gillmor wrote:
>> the *date* of your "key was superceded" revocation is relevant,
>> though. Any certifications that claim to have happened after the
>> date of the revoca
On 10/02/15 12:52, Kristian Fiskerstrand wrote:
> No, the signature is still valid:
>
>> $ gpg2 --verify test.gpg gpg: Signature made Tue 10 Feb 2015
>> 11:53:47 CET using RSA key ID
> B2F1C0D8
>> gpg: Good signature from "Testkey 3" [unknown]
> ^^
>
In my opinion, the signat
On 10/02/15 13:24, Peter Lebbing wrote:
> If you're convinced you're not mistaken, could you please take the time
> to show me where this data signature from a revoked key is any different
> than a signature from any random invalid key?
Quick correction:
If you're convinced you're not mistaken, c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/10/2015 01:24 PM, Peter Lebbing wrote:
> On 10/02/15 12:52, Kristian Fiskerstrand wrote:
>> No, the signature is still valid:
>>
>
> Why? The key was revoked because it was superseded or has been
> retired, not because it was stolen or com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/02/15 13:30, Kristian Fiskerstrand wrote:
> Unless you rely on a trusted third party to provide signature stamps,
> signature dates can be forged. A key revocation should result in immediate
> questioning of all aspects of the key, as it current
On 2015-02-10 13:30, Kristian Fiskerstrand wrote:
> On 02/10/2015 01:24 PM, Peter Lebbing wrote:
> > On 10/02/15 12:52, Kristian Fiskerstrand wrote:
> >> No, the signature is still valid:
> >>
>
> >
> > Why? The key was revoked because it was superseded or has been
> > retired, not because it wa
On Tue 2015-02-10 08:37:38 -0500, Hugo Osvaldo Barrera wrote:
> Also, I see no reason why I should not be able to assign a trust to a revoked
> key - I might trust it even if the author revoked it as superseded:
>
>
> $ gpg --edit 1BFBED44
> [... info on revoked key ...]
> gpg> lsign
> Key
I've been a linux user for less than a year and the only configure/make/install
I've done is for 2.0.26 and its dependencies (when I couldn't get the distro
supplied package 2.0.22 to work).
Now when I look at the dependencies for gnupg 2.1.1, I see that I need to
upgrade libassuan to 2.2.0, libg
Am Di 10.02.2015, 13:01:17 schrieb Daniel Kahn Gillmor:
> > I can even sit down with the owner of
> > the key and verify his ID and fingerprint and sign it, meaning
> > "this key belongs to this person, but was superseeded a week ago".
> > If actually influences the validity of anything he signed
Is there any way to see the progress of the IETF working group on
the draft Werner has submitted? I noticed that the draft expires in
May. In particular, I would like to know if 22 is going to be the IANA
standardized Public-Key Algorithm number.
signature.asc
Description: OpenPGP digital
On Tuesday 10 February 2015 10:37:38 Hugo Osvaldo Barrera wrote:
> On 2015-02-10 13:30, Kristian Fiskerstrand wrote:
> > On 02/10/2015 01:24 PM, Peter Lebbing wrote:
> > > On 10/02/15 12:52, Kristian Fiskerstrand wrote:
> > >> No, the signature is still valid:
> > > Why? The key was revoked because
On Tue 2015-02-10 14:09:59 -0500, Philip Jackson wrote:
> I've been a linux user for less than a year and the only
> configure/make/install
> I've done is for 2.0.26 and its dependencies (when I couldn't get the distro
> supplied package 2.0.22 to work).
>
> Now when I look at the dependencies for
On Tue 2015-02-10 13:20:03 -0500, Hauke Laging wrote:
>> your certifications (whether local or exportable) themselves have a
>> timestamp in them. It would be silly to certify a key and its user ID
>> after it was revoked by the owner; you'd be claiming "i believe that
>> right now this is the cor
Hello,
May I ask how one would sign public keys when a "master key" is
stored onto an USB stick ?
I followed instructions from [1]. Now I am in the process of
announcing my key transition to all old signers *but*, as a last
test, I just tested public signature with my "master key" and this is
whe
17 matches
Mail list logo