Re: OT: More about GPG signing
On Sun, May 13, 2012 at 03:02:02PM +0100, Phil Dobbin wrote:
> If that was the strategy everybody adopted with PGP, there'd be very
> few, if any, keys signed, ever.
This *is* the strategy that most people use for PGP.
> Thanks for the advice but I think I'll pass.
You are entitled to maintain whatever local policy for signing you want: but,
it weakens your position in a web of trust if your signatures are 'weaker' than
other peoples. It means any trust path that flows through a signature of yours
GPG lets you choose a 'trust level' for keys. I'd suggest at least using a
low-level value for keys you haven't validated.