Manoj Srivastava <sriva...@debian.org> writes: > On Tue, Sep 02 2014, Matthias Urlichs wrote: >> there's a GPG option (via the the *-cert-level options, see 'man gpg') >> to state how carefully you did verify their identity, but ultimately >> it's up to you. > > That is not how I interpreted that option to mean. > > ,----[ http://tools.ietf.org/html/rfc4880#section-5.2.3.13 ] > | 5.2.3.13. Trust Signature > | (1 octet "level" (depth), 1 octet of trust amount) [...] > ,----[ http://lists.gnupg.org/pipermail/gnupg-users/2005-May/025612.html ] > | tsign is just like sign (or lsign) except that you are asked a few > | more questions by GnuPG. Think of tsign as a combination of a regular > | signature plus the ownertrust. This combines two different things > | from the classic trust model into one signature.
You looked at trust signatures, not at the --*-cert-level options. These are unrelated to each other. Ansgar -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8561h6oruu....@tsukuyomi.43-1.org
