GNU-PG verifying question/confusion.

To: debian-user@lists.debian.org
Subject: GNU-PG verifying question/confusion.
From: Martin Bishop <martinbishop@crosswinds.net>
Date: Wed, 15 Mar 2000 10:41:17 +1100
Message-id: <[🔎] 20000315104117.A15183@blade.net>

Hi,

I've search the mailing list archives and couldn't find
the answer so I'm trying here hoping someone could
help.

When I run:
gpg --verify linux-2.3.41.tar.bz2.sign linux-2.3.41.tar.bz2

I get this result:
gpg: Signature made Sat Jan 29 10:18:19 2000 EST using DSA key ID 1E1A8782
gpg: Good signature from "Linux Kernel Archives Verification Key <ftpadmin@kernel.org>"
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 9DB4 C3A4 EF2A 3111 9072  82F3 F2A5 75DC 1E1A 8782

My question:
Does this means that the linux-2.3.41.tar.bz2 is no good or
that the "sign" file is no good?

I got the public signature key from here:
"http://www.kernel.org/signature.html"; and
I've imported this key.

Any help is appreciated.

MB.

Reply to:

Follow-Ups:
- Re: GNU-PG verifying question/confusion.
  - From: Bruce Sass <bsass@freenet.edmonton.ab.ca>
- Re: GNU-PG verifying question/confusion.
  - From: Jonas Steverud <d4jonas@dtek.chalmers.se>

Prev by Date: bitchx screens?
Next by Date: Re: root unknown
Previous by thread: bitchx screens?
Next by thread: Re: GNU-PG verifying question/confusion.
Index(es):
- Date
- Thread