On Sun, Sep 17, 2000 at 09:36:41PM +0200, Christian Surchi wrote:
> Hi,
> I'm processing my first NM and I'm in identification process. He is Tom
> Cato Amundsen <tomcato@iname.com>. He has a gpg key signed by Per
> Lundberg <plundis@debian.org>, but Per signed Tom's key with his new gpg
> key, and this key is not in keyring yet. I could only get that key from
> another keyserver, but it has neither a d.o id. How should I behave?
> Should I wait for that key in keyring or can I skip this step and work
> with Tom on following steps?
I think it would then depend on whether you can obtain a
trust path from that GPG key to Mr. Lundberg himself. If
it for example is signed by his old key which is in the
keyring or if it is signed by another developer, you can
verify that that particular key belongs to him. Otherwise,
it's just another key on a keyserver with no trust path.
Just my $0.02.
Cheers,
Shane
--
Shane Wegner: shane@cm.nu
http://www.cm.nu/~shane/
PGP: 1024D/FFE3035D
A0ED DAC4 77EC D674 5487
5B5C 4F89 9A4E FFE3 035D
Attachment:
pgpMfqIOscxAJ.pgp
Description: PGP signature