On 20 July 2011 11:06, Nick <suckless-dev_AT_njw.me.uk> wrote:
> But just downloading the key from a keyserver, even if it isn't
> trusted by your web of trust, is better than e.g. just
> distributing a hash, [...]
The concept of PGP trust lies in the Web-of-Trust, nowhere else. If
you don't find a trust-path from you to the signing key, then the
signature does only provide the information of a checksum hash.
meillo
Received on Wed Jul 20 2011 - 12:32:32 CEST
This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 12:36:02 CEST