Hello all, Well, this mail is not only for debian-newmaint-discuss but because of the lot's of gpg issues I think it's important to mail this message here. I would like to tell you only that, how --list-sigs does NOT check anything. If you want to be sure that the key is signed you must use --check-sigs. I saw almost everyone using --list-sigs and it's very important to do not. If you can do, please include this in the appropiate documentaion. BTW, it would be good if the finger deamon at debian.org would use --check-sigs instead of --list-sigs. -- Lenart, Janos <ocsi@debian.org>
Attachment:
pgptehJkmISNK.pgp
Description: PGP signature