Version: 1.9.6 (enterprise 0.20070907.709405) (using KDE 3.5.8, Kubuntu (gutsy) 4:3.5.8-0ubuntu1) Compiler: Target: x86_64-linux-gnu OS: Linux (x86_64) release 2.6.22-14-generic A screenshot is worth more than one hundred words, i'm attaching it later. Basically kmail says "The signature is valid, but the key's validity is unknown." when i have full trust on the key.
Created attachment 21828 [details] Screenshot showing kmail saying it doesn't know the trust of the key and kgpg and gpg --edit-key saying i have full trust on it
For the first time I've seen this also with kmail2 in KDE 4.9.1.
I found out the problem in my case. The other people keys were certified locally by a key which I later revoked. Certifying the keys again with a valid key solves the problem. Not a bug IMO.
That's your case, not mine
It only means that you didn't sign the key... I agree it is a bad thing and should be corrected because it incites people to sign each and every key without the "Very careful checking" signing should require... You can fully trust a sender and/or his/her key without having done a careful footprint checking and signed his/her key.
Pierre: There is a trust model in place to avoid having to sign every key to trust the owner. http://www.gnupg.org/gph/en/manual/x334.html Albert: You can see in your screenshot that you have unknown trust in the identitiy ottens@kde.org and thats what KMail says to you (I just takes it's information from gnupg for that matter). If kevin would have sent the mail as ervin@kde.org it would have been green. As you know that the identities ottens@kde.org and ervin@kde.org are the same person (keyholder) i see no reason why you should not sign this and then kmail would show it as valid/trusted again. But imagine the case that you trust my key aheinecke@intevation.de and then one day I decide to add ottens@kde.org to this identity and send you a mail. You would not want to see that as a valid signature.