
Re: GPG on Linux kernel source



On Wed, May 09, 2001 at 12:28:33PM +0700, Oki DZ (okidz@bdg.pindad.com) wrote:
> Hi,
> 
> Recently I tried to verify the source from www.linux.org, but I had the
> following:
> okidz@bdg:~$ gpg --verify linux-2.4.4.tar.bz2.sign linux-2.4.4.tar.bz2
> gpg: Signature made Sat Apr 28 08:48:08 2001 JAVT using DSA key ID 517D0F0E
> gpg: Good signature from "Linux Kernel Archives Verification Key <ftpadmin@kernel.org>"
> Could not find a valid trust path to the key.  Let's see whether we
> can assign some missing owner trust values.
> 
> No path leading to one of our keys found.
> 
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> gpg: Fingerprint: C75D C40A 11D7 AF88 9981  ED5B C86B A06A 517D 0F0E
> 
> I don't get it; would anybody decipher the message in plain English,
> please?

The trojan has been delivered intact from a key you don't trust.

> BTW, for verification of originality of the tarball, wouldn't it be
> easier using MD5?

The trojan has been delivered intact.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org

Attachment: pgpnAOIIzS_9b.pgp
Description: PGP signature
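
The three outcomes the replies above distinguish (bad file, intact file from an unverified key, intact file from a verified key), as an added example that is not part of the original thread. It classifies the machine-readable lines that `gpg --status-fd 1 --verify` emits; the function name, the return codes and the sample status lines (including the timestamp) are constructed for illustration, and the fingerprint is the one printed in the quoted output.

```shell
#!/usr/bin/env bash
# Added example: classify `gpg --status-fd 1 --verify SIG FILE` output (stdin).
# $1 = fingerprint pinned out of band (may contain spaces); empty = no pin.
# Return 0 = authentic, 1 = intact but unauthenticated, 2 = no valid signature.
classify_gpg_status() {
    local pinned fpr="" primary="" trust="NONE" good=0 prefix tag a1 rest
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    while read -r prefix tag a1 rest; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case "$tag" in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                echo "REJECT: $tag"; return 2 ;;
            GOODSIG)  good=1 ;;
            # First field: signing key fingerprint; last field (newer gpg): primary key.
            VALIDSIG) fpr=$a1; primary=${rest##* } ;;
            TRUST_*)  trust=${tag#TRUST_} ;;
        esac
    done
    if [ "$good" -ne 1 ] || [ -z "$fpr" ]; then
        echo "REJECT: no valid signature"; return 2
    fi
    # A fingerprint checked through an independent channel stands in for a trust path.
    if [ -n "$pinned" ] && { [ "$pinned" = "$fpr" ] || [ "$pinned" = "$primary" ]; }; then
        echo "AUTHENTIC: signed by pinned key $fpr"; return 0
    fi
    case "$trust" in
        FULLY|ULTIMATE) echo "AUTHENTIC: trust path to $fpr ($trust)"; return 0 ;;
    esac
    # Same assurance as a matching MD5 sum: the bytes are what the signer published.
    echo "INTACT ONLY: good signature, unverified key $fpr (trust=$trust)"
    return 1
}

# Constructed status lines matching the session quoted above (timestamp is made up).
SAMPLE_STATUS='[GNUPG:] GOODSIG C86BA06A517D0F0E Linux Kernel Archives Verification Key <ftpadmin@kernel.org>
[GNUPG:] VALIDSIG C75DC40A11D7AF889981ED5BC86BA06A517D0F0E 2001-04-28 988422488
[GNUPG:] TRUST_UNDEFINED'

# No pin and no trust path: the situation in the original question.
printf '%s\n' "$SAMPLE_STATUS" | classify_gpg_status "" || true
```

In real use, pipe `gpg --status-fd 1 --verify linux-2.4.4.tar.bz2.sign linux-2.4.4.tar.bz2 2>/dev/null` into the function and pass a fingerprint obtained from somewhere other than the download server.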

