Gentoo Archives: gentoo-security

From: Randy Barlow <randy@×××××××××××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key
Date: Tue, 01 Apr 2008 15:55:16
Message-Id: 47F25AAE.60200@electronsweatshop.com
In Reply to: Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key by Matthias Bethke
Matthias Bethke wrote:
> As far as I can see, the PGP Global Directory does no verification apart > from checking that an email address exists, so its signature isn't worth > much for the WoT. The GSWoT signatures on the other hand mean the owner > of the key has been personally checked by an introducer. It's a matter > of taste but I usually don't sign role account keys, I think they should > be signed by members of the institution (the introducers in this case) > whom I can choose to trust because their identity can be verified. So as > I wanted to trust the GSWoT key, I just imported some intermediate keys > to build a couple of marginal trust paths via people I've met > personally.
http://xkcd.com/364/ -- Randy Barlow http://electronsweatshop.com -- gentoo-security@l.g.o mailing list

Replies

Subject Author
Re: [gentoo-security] gpg keys; GSWoT & PGP Global Directory Key Eric Martin <freak4uxxx@×××××.com>