[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt-get package verification

On Saturday 10 February 2001 12:54, Carel Fellinger wrote:
> On Sat, Feb 10, 2001 at 06:11:01PM +0100, marcoghidinelli wrote:
> ...
>
> > for the debian-developer keys:
> > apt-get install debian-keyring
>
> I've done this some time ago, but now I get:
>
> [-- PGP output follows (current time: Sat Feb 10 19:40:06 2001) --]
> gpg: Signature made Sat 10 Feb 2001 06:11:01 PM CET using DSA key ID
> EBF15399 gpg: Good signature from "Marco Ghidinelli
> <marcogh@atdot.org>" gpg: WARNING: This key is not certified with a
> trusted signature! gpg:          There is no indication that the
> signature belongs to the owner. gpg: Fingerprint: 1C34 97F7 1837 D525
> 7E3F  C883 B572 DF1A EBF1 5399 [-- End of PGP output --]

I have the same problem with Martin Schulze's sigs.  I've retrieved the 
debian keyring from the website and from my CD,  I've manually 
retrieved his key from public keyservers and from the debian website  
All the fingerprints match.  I've signed his key on my keyring.  I even 
tried giving it full trust.  His sigs are still flagged as bad here.  
What have I missed?

-- 
Bud Rogers <budr@sirinet.net>   http://www.sirinet.net/~budr/zamm.html
    All things in moderation.  And not too much moderation either.
Reply to: