Hi August,

On 2020-01-10 17:33:30, you wrote to me:

 WvV>> gpg: WARNING: no command supplied. Trying to guess what you
 WvV>> mean... gpg: Signature made 01/09/20 23:20:12 W. Europe
 WvV>> Standard Time gpg: using RSA key 3BB37DA84A97932B gpg: Good
 WvV>> signature from "Wilfred van Velzen " [full]
 WvV>> gpg: aka "Wilfred van Velzen " [unknown] gpg:
 WvV>> aka "[jpeg image of size 5943]" [unknown]

 WvV>> So...?

 WvV>> Maybe Tommi and/or Mark can try to verify it.

 AA> According to the dates (and time), we have exactly the same version of
 AA> your keys.  So, if Tommi (or me) signed your key, and I refreshed your
 AA> keys on my systems, then the error "BAD signature" message to me would
 AA> go away?

No. 'BAD signature' really means a bad signature!

 AA> BAD signature sounds misleading.  It's that you just don't have anyone
 AA> to have vouched for you yet?

Nope that isn't it!

When I try to check a signature on a message that was signed with a key which I
haven't signed yet I get for instance:

gpg: Signature made do 09 jan 2020 22:18:14 CET using RSA key ID 5789589B
gpg: Good signature from "August Abolins " [unknown]
gpg:                 aka "August Abolins "
[unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: D0EB 2A29 5204 F316 7EB2  503C EF0E 8965 5789 589B

That still says 'Good signature'! But gives a warning about the key.


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815