[pkg-gnupg-maint] Bug#830479: Bug#830479: gnupg2: new trust level "poisoned"

Werner Koch wk at gnupg.org
Fri Jul 8 12:54:19 UTC 2016

On Fri,  8 Jul 2016 09:49, sjr at debian.org said:

> with someone injecting the evil32 keys into the keyserver network it will
> only be a matter of time until someone signs one of these by accident.

I can't see how someone can accidentally sign a key.  We do that key
signing abracadabra for more than 2 decades and all clients I have seen
make it pretty clear that you need to compare the fingerprint.

If you believe that someone does not check the fingerprint of a key
before they sign it, you should definitely set their ownertrust to
_never_.  This way keys they sign are not considered in the WoT.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
 /* Join us at OpenPGP.conf  <https://openpgp-conf.org> */

More information about the pkg-gnupg-maint mailing list