On Sat, Feb 10, 2001 at 07:54:49PM +0100, Carel Fellinger wrote: > On Sat, Feb 10, 2001 at 06:11:01PM +0100, marcoghidinelli wrote: > ... > > for the debian-developer keys: > > apt-get install debian-keyring > > > > I've done this some time ago, but now I get: > > [-- PGP output follows (current time: Sat Feb 10 19:40:06 2001) --] > gpg: Signature made Sat 10 Feb 2001 06:11:01 PM CET using DSA key ID EBF15399 > gpg: Good signature from "Marco Ghidinelli <email@example.com>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > gpg: Fingerprint: 1C34 97F7 1837 D525 7E3F C883 B572 DF1A EBF1 5399 > [-- End of PGP output --] it's right. the signature was verified with the copy distribuited on public keyserver. (i'm not a debian developer and you cannot get my public keys in the debian-keyring) > But I'm quit willing to trust debian developers in general. > I trust them > with the packages, might as well trust their identity:) I'm a bit uncertain > how to achieve this though. Is it enough if I tell gpg to trust James Troup? who is james troup?? i think that you must trust all the keys from debian-keyring. -- BOFH excuse #235: The new frame relay network hasn't bedded down the software loop transmitter yet.
Description: PGP signature