[red face] After commenting on Magnus cc'ing me, I then sent this to him instead of the list. Oops. Sorry Magnus. [/red face]
On Thu, 2008-05-15 at 11:00 +0100, Magnus Therning wrote: > On Thu, May 15, 2008 at 12:17 AM, Richard Hector > <[EMAIL PROTECTED]> wrote: > I have signed keys of several people who have been to > keysigning parties > at several debconfs, so I feel I should have a trust path to > anybody of > significance in the Debian community - though I could be > proved wrong. > > I've also added the debian keyserver to my ~/.gnupg/options, > as well as > the keyring from the debian-keyring package. > > Is there a step I'm missing? > > AFAIU you'd need to have all keys of the entire path locally in your > keyring in order for GPG to see a trusted path. If you don't want to > download all the missing keys you could try a PGP pathfinder on the > web (there are several that are easily found). Thanks for the response (though no need to cc me). However, having downloaded various keys, I can manually find a path with only 2 intermediate hops. The pathfinder at http://pgp.cs.uu.nl/ doesn't have Florian Weimer's key, so can't find the full path, but can find a path to someone who has signed it. The bit that puzzles me is that despite me having all 4 keys, gpg doesn't find a path. Unless it's the bit about 'trusted' signatures? Perhaps one of those signatures is insufficiently trustworthy in some sense? Richard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
