[pkg-gnupg-maint] Bug#830479: Bug#830479: gnupg2: new trust level "poisoned"
Werner Koch
wk at gnupg.org
Fri Jul 8 12:54:19 UTC 2016
On Fri, 8 Jul 2016 09:49, sjr at debian.org said:
> with someone injecting the evil32 keys into the keyserver network it will
> only be a matter of time until someone signs one of these by accident.
I can't see how someone can accidentally sign a key. We do that key
signing abracadabra for more than 2 decades and all clients I have seen
make it pretty clear that you need to compare the fingerprint.
If you believe that someone does not check the fingerprint of a key
before they sign it, you should definitely set their ownertrust to
_never_. This way keys they sign are not considered in the WoT.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
/* Join us at OpenPGP.conf <https://openpgp-conf.org> */
More information about the pkg-gnupg-maint
mailing list