[Catalog-sig] How to verify cheeseshop signatures?
"Martin v. Löwis"
martin at v.loewis.de
Sun Oct 23 19:07:09 CEST 2005
Phillip J. Eby wrote:
>
>> Jp Calderone wrote:
>> > The required key is indicated in the message. You just need to
>> retrieve it:
>> >
>> > gpg --import 41C6E930
>> >
>> > Re-running --verify should now work.
>
>
> It doesn't. I get "gpg: can't open `41C6E930': No such file or directory".
It's not --import, but --recv-keys. I get
martin at mira:~$ gpg --recv-keys 41C6E930
gpg: requesting key 41C6E930 from hkp server wwwkeys.pgp.net
gpg: key 41C6E930: "Richard Jones <richard at commonground.com.au>" 31 new
signatures
gpg: public key CA66D0B1 is 24595 seconds newer than the signature
gpg: public key CA66D0B1 is 24557 seconds newer than the signature
gpg: 3 marignal-needed, 1 complete-needed, classic Trust-Modell
gpg: depth: 0 valid: 3 signed: 40 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: public key CA66D0B1 is 24557 seconds newer than the signature
gpg: depth: 1 valid: 40 signed: 120 trust: 36-, 0q, 0n, 0m, 4f, 0u
gpg: depth: 2 valid: 60 signed: 151 trust: 53-, 0q, 0n, 0m, 7f, 0u
gpg: depth: 3 valid: 29 signed: 78 trust: 26-, 0q, 0n, 0m, 3f, 0u
gpg: depth: 4 valid: 6 signed: 8 trust: 5-, 0q, 0n, 1m, 0f, 0u
gpg: nächste "Trust-DB"-Pflichtüberprüfung am 2005-11-13
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: neue Signaturen: 31
> So, from a practical perspective, the current signature implementation
> is of no use whatsoever to the vast majority of cheeseshop users.
I can't speak for the vast majority of the cheeseshop users; the vast
majority of regular GPG users who ever signed somebody else's key is
probably able to find a chain of trust to Richard Jones.
> It seems like it would make more sense to use a format that includes a
> certificate signature chain (as with Ruby Gems). Having to manually
> track the keys of individual authors sort of goes against the whole point.
Why is that any better? Where do I get a code-signing certificate from?
Regards,
Martin
More information about the Catalog-sig
mailing list