This is indeed an issue, since from the web of trust perspective, a user should trust the key itself only if it is "valid".
By setting "trust" in a key, you actually only trust keys signed by that key. See: http://www.gnupg.org/documentation/faqs.en.html#q4.7 I've commented on this more detailed, upstream: http://bugzilla.gnome.org/show_bug.cgi?id=571688#c2 -- a key is put in "trusted keys" without it is signed https://bugs.launchpad.net/bugs/328735 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
