[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get package verification

On Sat, Feb 10, 2001 at 06:11:01PM +0100, marcoghidinelli wrote:
> for the debian-developer keys: 
> apt-get install debian-keyring

I've done this some time ago, but now I get:

[-- PGP output follows (current time: Sat Feb 10 19:40:06 2001) --]
gpg: Signature made Sat 10 Feb 2001 06:11:01 PM CET using DSA key ID EBF15399
gpg: Good signature from "Marco Ghidinelli <marcogh@atdot.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 1C34 97F7 1837 D525 7E3F  C883 B572 DF1A EBF1 5399
[-- End of PGP output --]

But I'm quit willing to trust debian developers in general.  I trust them
with the packages, might as well trust their identity:)  I'm a bit uncertain
how to achieve this though.  Is it enough if I tell gpg to trust James Troup?

groetjes, carel

Reply to: