I was under the impression that you can have your key signed by a generally trus... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		antnisp on Feb 22, 2016 \| parent \| context \| favorite \| on: Beware of hacked ISOs if you downloaded Linux Mint... I was under the impression that you can have your key signed by a generally trusted CA.

technion on Feb 23, 2016 [–]

GPG has no central CAs, but relies on a "web of trust" situation. In reality, there's no one central that everyone trusts, so unless the keys are signed by some individual you personally trust, you're down to being reliant on getting valid keys.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact