Web lists-archives.com

Convenient access to Debian keyrings


I'd like to ask for tips and ideas to make more convenient use of the
keyrings installed by the debian-keyring package.

Currently, I have mutt pass `--keyring /usr/share/keyrings/...` for each
of the keyrings, so that I can verify signatures on e-mails.  It would
be more natural to just add `keyring /usr/share/keyrings/...` to
~/.gnupg/gpg.conf, but when I tried this I often got errors from gpg
trying to write to the keyrings in /usr/share/keyrings.  Is there some
way to mark a keyring as read-only?

Another issue is that I'd like to mark the keys in the Debian keyrings
as trusted.  The default way of using PGP requires quite short trust
paths in order to consider a key trusted, but since our keyring is
curated, it is much less important for there to exist a short trust path
between my key and a DD's key -- if it's in the keyring, I have very
good reason to believe it really belongs to the person named in the
UID.  Is there some way to mark a whole keyring as trusted?


Sean Whitton

Attachment: signature.asc
Description: PGP signature