On 08/15/2018 02:34 PM, Japhering via evolution-list wrote:
>
> if I'm correct, then the following should resolve the yellow
>
>
> gpg --keyserver <public server> --recv-keys <keyID in question>
No, that's not enough. Anyone can upload a key to the keyservers. They
have no way to ensure that it actually belongs to a particular email
address.
That's where the web of trust comes in.
I'm not sure how to manage it in the GUI but from a terminal you use
"gpg2 --edit-key <keyID>"
Then set trust level with 'trust' and, unless you actually verified
identity with the key holder and feel comfortable telling other people
to trust it, use "lsign" or "ltsign" to give it a local only trust
signature.
If you did verify it and then "sign" it the next time GPG synchronizes
to the keyservers your signature will get added to that key.
--
Knowledge is Power -- Power Corrupts
Study Hard -- Be Evil
_______________________________________________
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
