On Thu, 7 Aug 2008 09:32, [EMAIL PROTECTED] said: > I don't understand why, when the point is about verifying signatures (as > stated in the whatis entry). Why does it have to assume they are > trustworthy and then to use its very own keyring? I'd assume as a first
You need to know whether the key is really the key of the person or entity stated in the user ID of the key. gpg uses a couple of alternative mechanisms for this, the default is the Web of Trust. On request by Debian I once implemented gpgv to have a simple and straightforward mechsnism, only usable for verifying signatures. gpgv works on a set of keys which have been compiled from another database of trusted users and are all seen as valid, i.e. belonging to the person claimed in the UID. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
