Re: gpg trust paths
[red face]
After commenting on Magnus cc'ing me, I then sent this to him instead
of the list. Oops. Sorry Magnus.
[/red face]
On Thu, 2008-05-15 at 11:00 +0100, Magnus Therning wrote:
> On Thu, May 15, 2008 at 12:17 AM, Richard Hector
> <richard@walnut.gen.nz> wrote:
> I have signed keys of several people who have been to
> keysigning parties
> at several debconfs, so I feel I should have a trust path to
> anybody of
> significance in the Debian community - though I could be
> proved wrong.
>
> I've also added the debian keyserver to my ~/.gnupg/options,
> as well as
> the keyring from the debian-keyring package.
>
> Is there a step I'm missing?
>
> AFAIU you'd need to have all keys of the entire path locally in your
> keyring in order for GPG to see a trusted path. If you don't want to
> download all the missing keys you could try a PGP pathfinder on the
> web (there are several that are easily found).
Thanks for the response (though no need to cc me).
However, having downloaded various keys, I can manually find a path with
only 2 intermediate hops.
The pathfinder at http://pgp.cs.uu.nl/ doesn't have Florian Weimer's
key, so can't find the full path, but can find a path to someone who has
signed it.
The bit that puzzles me is that despite me having all 4 keys, gpg
doesn't find a path.
Unless it's the bit about 'trusted' signatures? Perhaps one of those
signatures is insufficiently trustworthy in some sense?
Richard
Reply to: