Re: Apt-get package verification
On Sat, Feb 10, 2001 at 06:11:01PM +0100, marcoghidinelli wrote:
> for the debian-developer keys:
> apt-get install debian-keyring
I've done this some time ago, but now I get:
[-- PGP output follows (current time: Sat Feb 10 19:40:06 2001) --]
gpg: Signature made Sat 10 Feb 2001 06:11:01 PM CET using DSA key ID EBF15399
gpg: Good signature from "Marco Ghidinelli <email@example.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 1C34 97F7 1837 D525 7E3F C883 B572 DF1A EBF1 5399
[-- End of PGP output --]
But I'm quit willing to trust debian developers in general. I trust them
with the packages, might as well trust their identity:) I'm a bit uncertain
how to achieve this though. Is it enough if I tell gpg to trust James Troup?