Tim wrote: > On Wed, 2008-05-28 at 16:29 +0100, Bill Crawford wrote: > > What do you do if you encounter a key that's signed by both someone > > you trust personally, *and* someone you don't trust? > > I suppose that would depend on whether that was: You didn't know > whether to trust them, or you distrusted them. No. If A's key is signed with B's key, and B's key is known to be valid, and you trust that B signs keys responsibly, then A's key is valid, period. Other signatures are completely irrelevant. Nobody can make a key invalid by signing it, no matter how evil or irresponsible or untrustworthy they are. Björn Persson -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
