The Sunday 2006-11-05 at 19:12 -0600, Darryl Gregorash wrote:
Signatures are very easily uploaded to keyservers. You have to select "local signature only" in order to make sure you don't.
I should revoke the signature I put on your key, then, in case I accidentally upload it. ;-)
Absolutely! :-)

You shouldn't sign my key: for all you know I could have a different name, or somebody could have altered the key that reached you, or somebody could have impersonated me.

Of course, if you don't sign keys, you will see something like "UNTRUSTED Good signature from...", on those emails, but that's absolutely right. It means that the signature matches the key you downloaded, the email has not been altered in transit, and that it says to come from such person. The only thing you don't know is that "such" person is really that person.

If you have to sign keys that you think you can trust, but cannot vouch for them, do that locally. That's what I did with the suse keys that came with the dvd.

-- 
Cheers, Carlos E. R.