Roger Leigh:
> On Mon, Jul 02, 2012 at 10:49:14PM +0200, Jochen Spieker wrote:
>> What I find more interesting is that the key 0x6294BE9B ("Debian CD
>> signing key") only has nine signatures and only one from someone using
>> his "official" @debian org address (0x3442684E, Steve McIntyre). That
>> could surely be improved. I am a little bit disappointed to learn that
>> even my fairly well-connected key doesn't help in finding a trust path
>> to the CD signing key.
>
-- snip
> All of the above named individuals are Debian developers. Note
> that the UID shown is just one of several on their key:
Ah, thanks, I overlooked that. I didn't recognize any names apart from
Steve and Neil. My fault.
I only (knowingly) signed one DD's key (AC583520) and that doesn't help
veryfing the CD signing key:
$ gpg --verify --max-cert-depth 10 MD5SUMS.sign
gpg: Signature made Sun 13 May 2012 02:02:13 PM CEST using RSA key ID 6294BE9B
gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
BTW, does gpg offer any way to find a trust path between two keys in my
key ring?
J.
--
If nightclub doormen recognised me I would be more fulfilled.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature