On Mon, 2008-09-22 at 09:55 -0400, Art Alexion wrote: > > It just means that your key isn't signed by anyone trusted by the > > recipients (such as yourself). You either need to exchange > signatures > > with them, preferrably using some out-of-band mechanism such as > direct > > contact, or have a mutually trusted third party do it. Read up on > the > > "web of trust" in the GPG docs. > > As Patrick points out, this is appropriate behavior. What it is > saying > is that this is a valid signature, based on the person who uploaded > the > key, but there is no proof that the person who uploaded the key is > really you.
Sorry, that's not what I'm saying (or what the GPG error means). First of all, there's no indication that the key was "uploaded" anywhere so you can't assume it's being checked against a key server such as pgp.mit.edu. Second, the validity of the signature has nothing to do with whoever uploaded it (if in fact anyone did), and everything to do with whoever signed it. Whether you trust the signature or signatures (you can have any number of them) is the only thing that matters. poc _______________________________________________ Evolution-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/evolution-list
