Eugene Smiley on Thu, 27 Feb 2003 15:41:09 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gabe wrote:
> On Thu, Feb 27, 2003 at 02:21:43PM -0500, Jeff Abrahamson wrote:
>> This advice *sounds* good, but is bothersome in its own way
>> because Mutt says
>>
>>   gpg: Signature made Thu 27 Feb 2003 01:12:16 PM EST using DSA
>>   key ID 49E1CBC9 gpg: Can't check signature: public key not found
>>
>> Moreover,
>>
>> jeff@asterix:Mutt $ gpg --list-sigs |grep  49E1CBC9
>> jeff@asterix:Mutt $ gpg --list-sigs |grep  -i shaw
>> sig 2   P   99242560 2002-11-09   David M. Shaw
>> <dshaw@jabberwocky.com> [...] jeff@asterix:Mutt $ gpg --recv-keys
>> 49E1CBC9 gpg: no valid OpenPGP data found.
>> gpg: Total number processed: 0
>> jeff@asterix:Mutt $
>
> What keyservers have you tried?

This won't matter... This is the subkeyID for the singing key the keyserver
don't handle multiple subkeys properly... He's posted it to
http://www.jabberwocky.com/key.asc.

> David's key isn't in www{,.us}.pgp.net nor in keyserver.kjsl.com
> (which I've switched over to because it handles multiple subkeys
> and multiple self-signatures properly... or claims to, anyway; this
> from http://keyserver.kjsl.com/~jharris/keyserver.html).
>
> Keep in mind David's also having mentioned that he's using a
> development version of GnuPG, and that someone using that nym and
> email address is a GnuPG developer. So if this is some kind of
> plot, it's a pretty elaborate one. (And, who cares if it *is* a
> plot in this circumstance, since, from what I can tell, his advice
> has been correct thus far. I didn't just blindly run the commands
> he suggested, obviously, but I wouldn't do that under any
> circumstances.) Seems more likely to guess that he's using this
> development version of GnuPG with a non-permanent key in case
> something goes wrong.

I believe he's the real David Shaw. ;) Question is, since you and I have
never met, do you believe I am me?

> It'd still be nice to see some cross-signing and propogation of the
> key, though.

Import the key above... It's signed by PLUG members including Jeff if I
recall.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPl53rukD7QKn7f0vEQLEDQCgwFKyAUKRAf5LiHk4tF1fP2RvH9kAnjgE
aJVrvQVDjGQIfuYeCRnxet0v
=XRs9
-----END PGP SIGNATURE-----

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug