
Re: GPG and Signing



On Sun, 1 Apr 2007 09:35:19 -0400
Michael Pobega <pobega@gmail.com> wrote:

Hello Michael,

> gpg: Good signature from "Andrei Popescu <andreimpopescu@gmail.com>"
> gpg: WARNING: This key is not certified with a trusted signature!
[snip]
> Looks like it should work to me; 70859BD9 is the same ID, no?

Yes, you've got the right key, and it *has* verified.  However, since
Andrei's key is not included in your web-of-trust, GPG gives the
warning.  A valid signature != a trusted signature.

You can edit the trust levels of people's keys, but until you can
ascertain that the key belongs to whoever claims ownership, you can't
be certain you've got the right person.  Look at
http://www.rubin.ch/pgp/weboftrust.en.html for an explanation of trust
usage.

AFAIAA, no-one has verified my PGP key as held by the key-servers.  If
they have, I'd be suspicious, because nobody has ever contacted me to
verify my ID.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"

Life goes quick and it goes without warning
Bombsite Boy - The Adverts

Attachment: signature.asc
Description: PGP signature
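
An added example, not part of the original message: the "valid signature != trusted signature" distinction, read from GnuPG's machine-readable output (`gpg --status-fd 1 --verify`) instead of the human-readable warning. The status keywords are GnuPG's own; the key ID, user ID and sample lines are constructed, and the acceptance policy in `accept` is an assumption.

```python
# Added example: classify the status lines from `gpg --status-fd 1 --verify`.
# GOODSIG/BADSIG/TRUST_* are GnuPG status keywords; sample data is constructed.

SIG_STATES = {"GOODSIG": "good", "BADSIG": "bad", "ERRSIG": "error",
              "EXPSIG": "good-expired-sig", "EXPKEYSIG": "good-expired-key",
              "REVKEYSIG": "good-revoked-key"}
TRUST_STATES = {"TRUST_UNDEFINED": "undefined", "TRUST_NEVER": "never",
                "TRUST_MARGINAL": "marginal", "TRUST_FULLY": "full",
                "TRUST_ULTIMATE": "ultimate"}
PREFIX = "[GNUPG:] "


def classify(status_output):
    """Return (signature_state, key_validity, key_id) from status-fd text."""
    sig = validity = key_id = None
    for line in status_output.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable "gpg: ..." lines are not parsed
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword = fields[0]
        if keyword in SIG_STATES:
            sig = SIG_STATES[keyword]
            key_id = fields[1] if len(fields) > 1 else None
        elif keyword in TRUST_STATES:
            validity = TRUST_STATES[keyword]
    return sig, validity, key_id


def accept(status_output):
    """Assumed policy: good signature AND key validated via the web of trust."""
    sig, validity, _ = classify(status_output)
    return sig == "good" and validity in ("full", "ultimate")


# Constructed sample: good signature from a key nobody you trust has certified.
UNCERTIFIED = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
    "[GNUPG:] TRUST_UNDEFINED 0 pgp\n"
)
# Same signature once the key is certified through the web of trust.
CERTIFIED = UNCERTIFIED.replace("TRUST_UNDEFINED", "TRUST_FULLY")
# Constructed sample: the data does not match the signature at all.
TAMPERED = "[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.org>\n"
```

`UNCERTIFIED` corresponds to the output quoted in the message: the signature checks out, but `accept` rejects it until the key's ownership has been established.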

