On Fri, Aug 20, 2021 at 11:12:09AM -0600, Jonathan Corbet wrote: > This looks fine to me, but I'd like Konstantin [CC'd] to have a look and > let me know if he agrees... Yes, this looks good to me. The entire section needs a more in-depth rewrite, but I'm not ready for that work yet, and this patch at least removes a dead link and offers some alternatives. Reviewed-by: Konstantin Ryabitsev <konstantin@xxxxxxxxxxxxxxxxxxx> Thank you! -K > > -Next, open the `PGP pathfinder`_. In the "From" field, paste the key > > -fingerprint of Linus Torvalds from the output above. In the "To" field, > > -paste the key-id you found via ``gpg --search`` of the unknown key, and > > -check the results: > > - > > -- `Finding paths to Linus`_ > > +Next, find a trust path from Linus Torvalds to the key-id you found via ``gpg > > +--search`` of the unknown key. For this, you can use several tools including > > +https://github.com/mricon/wotmate, > > +https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/tree/graphs, and > > +https://the.earth.li/~noodles/pathfind.html. > > > > If you get a few decent trust paths, then it's a pretty good indication > > that it is a valid key. You can add it to your keyring from the > > @@ -962,6 +961,3 @@ administrators of the PGP Pathfinder service to not be malicious (in > > fact, this goes against :ref:`devs_not_infra`). However, if you > > do not carefully maintain your own web of trust, then it is a marked > > improvement over blindly trusting keyservers. > > - > > -.. _`PGP pathfinder`: https://pgp.cs.uu.nl/ > > -.. _`Finding paths to Linus`: https://pgp.cs.uu.nl/paths/79BE3E4300411886/to/C94035C21B4F2AEB.html
