On Wed, 2013-08-21 at 13:38 +0200, Jochen Spieker wrote: > Essentially, you have a chicken and egg problem. Wrong! Keys usually are available by a keyserver you could trust, so for the first time you'll get the key this way. Such a package will update keys as long as the older keys still can be used.