On 2006-11-05 21:35, Carlos E. R. wrote:
The Sunday 2006-11-05 at 20:11 -0600, Darryl Gregorash wrote:
That's why I signed it (locally), but now you are telling us I should not have done that, in case it gets uploaded to a key server with my signature!?
There are two kinds of signings. The normal, default, one is exportable. The other one is local only and not exportable.
I know this, so why are you objecting to my signing your key locally? ;-)
In Thunderbird, that has a gpg key management section, when I chose to sign a key it will do so as exportable. I have to click "local" manually. In kgpg I don't remember.
I've never used Mozilla except to import a key with enigmail. I don't use kgpg, preferring to manage keys on the commandline.
Also, I don't even sign locally keys for which I don't have some kind of verification, even if marginal, because key checking will not tell me the diference when reading an email. But that is a personal choice. Perhaps I should re-think my policy -- your contributions to this list seemed to indicate that I could trust you
:-) :-0