[arch-general] GPG signature

Sun Jan 23 06:15:33 EST 2011

On 2011-01-23 at 11:07 +0100, Karol Babioch wrote:
> Am 23.01.2011 10:42, schrieb Guillaume ALAUX:
> > I imported both Karol's signature and yours and Evo says the
> > signature is valid. It just complains as I haven't signed nor
> > set any trust on it but this is the right behavior.
>
> thanks for your positive reply, I already thought of a bad
> setup here :).

Well, Mutt tells me that your key has expired:

    gpg: Signature made Sun 23 Jan 2011 11:07:18 AM CET using RSA key ID 479F3215
    gpg: Good signature from "Karol Babioch <karol at babioch.de>"
    gpg:                 aka "Karol Babioch <johnpatcher at web.de>"
    gpg: Note: This key has expired!
    Primary key fingerprint: 758A B783 45F8 9BD7 CFE6  615D 749A 65CD 479F 3215

> > What does the signature of my email says?
>
> Basically the same, your signature is valid, but not trusted.

Same here with mutt 1.5.21-1 and gnupg 1.4.11-2:

    gpg: Signature made Sun 23 Jan 2011 10:42:22 AM CET using DSA key ID 215B37AD
    gpg: Good signature from "Guillaume ALAUX <guillaume at alaux.net>"
    gpg:                 aka "Guillaume ALAUX <galaux at linagora.com>"
    gpg:                 aka "Guillaume ALAUX <guillaume at linux.com>"
    gpg:                 aka "Guillaume ALAUX <guillaume at archlinux.org>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 4D91 3AEC D817 26D9 A6C7  4F0A DA64 26DD 215B 37AD