TID: FMail-lnx64 2.1.0.18-B20170815
RFC-X-No-Archive: Yes
TZUTC: 0100
CHRS: UTF-8 2
PID: GED+LNX 1.1.5-b20161221
MSGID: 2:280/464 5e18a09d
REPLY: 2:221/360.0 5e18994a
Hi August,

On 2020-01-10 17:33:30, you wrote to me:

 WvV>> gpg: WARNING: no command supplied. Trying to guess what you
 WvV>> mean... gpg: Signature made 01/09/20 23:20:12 W. Europe
 WvV>> Standard Time gpg: using RSA key 3BB37DA84A97932B gpg: Good
 WvV>> signature from "Wilfred van Velzen " [full]
 WvV>> gpg: aka "Wilfred van Velzen " [unknown] gpg:
 WvV>> aka "[jpeg image of size 5943]" [unknown]

 WvV>> So...?

 WvV>> Maybe Tommi and/or Mark can try to verify it.

 AA> According to the dates (and time), we have exactly the same version of
 AA> your keys.  So, if Tommi (or me) signed your key, and I refreshed your
 AA> keys on my systems, then the error "BAD signature" message to me would
 AA> go away?

No. 'BAD signature' really means a bad signature!

 AA> BAD signature sounds misleading.  It's that you just don't have anyone
 AA> to have vouched for you yet?

Nope that isn't it!

When I try to check a signature on a message that was signed with a key which
I haven't signed yet I get for instance:

gpg: Signature made do 09 jan 2020 22:18:14 CET using RSA key ID 5789589B
gpg: Good signature from "August Abolins " [unknown]
gpg:                 aka "August Abolins "
[unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: D0EB 2A29 5204 F316 7EB2  503C EF0E 8965 5789 589B

That still says 'Good signature'! But gives a warning about the key.


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
 * Origin: FMail development HQ (2:280/464)
SEEN-BY: 1/123 90/1 154/10 203/0 221/0 227/114 229/426 1014 240/5832
SEEN-BY: 249/206 317 400 280/464 5003 292/854 310/31 317/3 322/757
SEEN-BY: 342/200 396/45 423/120 712/848 770/1 2452/250
PATH: 280/464 229/426