[Bug 328735] Re: a key is put in "trusted keys" without it is signed

[marco.pallotta]

Michael I know that trusting and signing are technically two separate processes, but I also say again that from a logical point of view trusting should follow signing, that is I should assign a trust judgement to key (that is to person) that I know that are valid (that is the owner of that key is the person that I think he should be). 
The only reason I see to let the user to trust a key without signing it is related to a scenario in which the user (owner of the keyring) wants to assign trust judgements to people that he knows using the keys that are related to these people regardless to the fact that these key are really valid or not. That is collecting a sort of people trust list. In this scenario however that "dangerous" thing is that if the user discovers that a key isn't valid he should delete it but doing this he should also delete the trust judgement to that person; to the other side, in order to preserve trust judgement, he shouldn't delete the key once discovered that it isn't valid, but doing this he should have in his keyrings not valid keys in which either keys not yet checked for validity or keys already checked for validity (but not deleted) should cohabit togheter.
I think actual situation is misleading for the user and not very useful.



** Tags added: whishlist

-- 
a key is put in "trusted keys" without it is signed
https://bugs.launchpad.net/bugs/328735
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs