swox pgp keys

Niels Möller nisse@lysator.liu.se
07 Jan 2003 22:52:48 +0100

I have trouble verifying the signature that accompanies gmp-4.1.2. I

  $ gpg --verify gmp-4.1.2.tar.gz.asc gmp-4.1.2.tar.gz
  gpg: Warning: using insecure memory!
  gpg: Signature made Tue Dec 31 07:16:43 2002 CET using DSA key ID 769AFE02
  gpg: requesting key 769AFE02 from wwwkeys.us.pgp.net ...
  gpg: key 769AFE02: public key imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg: Good signature from "Swox AB (Software signing key 2002) <info@swox.com>"
  Could not find a valid trust path to the key.  Let's see whether we
  can assign some missing owner trust values.
  No path leading to one of our keys found.
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  gpg: Fingerprint: 6BAD 345C 629D 638B E4D7  2E13 FCBD DBD5 769A FE02

I have personally exchanged keys with Torbjörn, so I'm reasonably
confident that the key

  $ gpg --list-sigs tege
  gpg: Warning: using insecure memory!
  pub  1024R/16B7193D 2002-03-02 Torbjorn Granlund <tege@swox.com>
  sig        16B7193D 2002-03-02  Torbjorn Granlund <tege@swox.com>
  sig        A8F4C2FD 2002-03-08  Niels Möller <nisse@lysator.liu.se>

belongs to Torbjörn. I think it's reasonably to expect the keys for
tege@swox and info@swox to sign each other.