GPG trusted signatures, dpkg-buildpackage & gpg

To: debian-devel@lists.debian.org
Subject: GPG trusted signatures, dpkg-buildpackage & gpg
From: Joe Drew <hoserhead@woot.net>
Date: Wed, 15 Sep 1999 17:22:50 -0400
Message-id: <[🔎] 19990915172250.A3811@scorpio.woot.net>
Mail-followup-to: debian-devel@lists.debian.org

gpg: Signature made Wed Sep 15 12:08:31 1999 EDT using DSA key ID 2FA3BC2D
gpg: Good signature from "Wichert Akkerman <wakkerma@debian.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D

I get this with every signature verification. It didn't mention anything about
trusted signatures, etc., in the keysigning-howto. Is it just an annoyance
or can I set up something with my trustdb in gpg which will stop this?
(Is there one person who signs all Debian developer keys?)

Also, I think I read something about dpkg-buildpackage automatically
choosing gpg when you haven't got a .pgp/secring.pgp - I haven't got
one, but it still chooses PGP anyways. What's up? (My pgp keyrings
are in the ~/.gnupg directory)

Reply to:

Follow-Ups:
- Re: GPG trusted signatures, dpkg-buildpackage & gpg
  - From: Philip Hands <phil@hands.com>
- Re: GPG trusted signatures, dpkg-buildpackage & gpg
  - From: Wichert Akkerman <wichert@cs.leidenuniv.nl>

Prev by Date: Re: ttyS0 vs cua0
Next by Date: w only giving `-' as the FROM field
Previous by thread: Re: Strange mail from Anders Arnholm (was Re: /opt/ again (was Re: FreeBSD-like approach for Debian? [was: ...]))
Next by thread: Re: GPG trusted signatures, dpkg-buildpackage & gpg
Index(es):
- Date
- Thread