Roger Leigh: > On Mon, Jul 02, 2012 at 10:49:14PM +0200, Jochen Spieker wrote: >> What I find more interesting is that the key 0x6294BE9B ("Debian CD >> signing key") only has nine signatures and only one from someone using >> his "official" @debian org address (0x3442684E, Steve McIntyre). That >> could surely be improved. I am a little bit disappointed to learn that >> even my fairly well-connected key doesn't help in finding a trust path >> to the CD signing key. > -- snip > All of the above named individuals are Debian developers. Note > that the UID shown is just one of several on their key: Ah, thanks, I overlooked that. I didn't recognize any names apart from Steve and Neil. My fault. I only (knowingly) signed one DD's key (AC583520) and that doesn't help veryfing the CD signing key: $ gpg --verify --max-cert-depth 10 MD5SUMS.sign gpg: Signature made Sun 13 May 2012 02:02:13 PM CEST using RSA key ID 6294BE9B gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B BTW, does gpg offer any way to find a trust path between two keys in my key ring? J. -- If nightclub doormen recognised me I would be more fulfilled. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature