On Sat, 2007-06-16 at 08:23 -0700, Les wrote: > All that is shown in my review window is your reply David, but when I > opened it to reply here, it seems there is more in the message. I am > also seeing a warning about your signature, saying "Valid signature, > cannot verify sender" That's to be expected. The signature needs something else to verify that they are who they claim to be. Generally, that's at least another counter-signature from someone, or some organisation, that you've trusted. Someone personally verifies that this signature comes from David, they see some credible identification from David that David is really David, they counter-sign his key with theirs. And so on the chain goes. It'll be flagged as unverified until at least one of the counter signatures is by someone/something that you trust (as a technical configuration issue, for PGP, that is). And on that note, I've yet to see a counter-signed key, and we really ought to have them on the package signatures. Sure, most are signed. But so what? Most of them are meaningless self-generated, not double-checked, signatures. -- (This box runs FC5, my others run FC4 & FC6, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
