GNU-PG verifying question/confusion.
Hi,
I've searched the mailing list archives and couldn't find
the answer so I'm trying here hoping someone could
help.
When I run:
gpg --verify linux-2.3.41.tar.bz2.sign linux-2.3.41.tar.bz2
I get this result:
gpg: Signature made Sat Jan 29 10:18:19 2000 EST using DSA key ID 1E1A8782
gpg: Good signature from "Linux Kernel Archives Verification Key <ftpadmin@kernel.org>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 9DB4 C3A4 EF2A 3111 9072 82F3 F2A5 75DC 1E1A 8782
My question:
Does this mean that the linux-2.3.41.tar.bz2 is no good or
that the "sign" file is no good?
I got the public signature key from here:
"http://www.kernel.org/signature.html" and
I've imported this key.
Any help is appreciated.
MB.
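
An added example, not part of the original post: the Python below reads the gpg output quoted in the message and reports two separate facts, whether the signature over the file checked out and whether the signing key is certified, then compares the printed fingerprint with one obtained out of band. The names `summarize`, `normalize_fpr` and `expected_fingerprint` are assumptions made for this illustration.

```python
import re

# Output copied from the post above (not constructed).
GPG_OUTPUT = """\
gpg: Signature made Sat Jan 29 10:18:19 2000 EST using DSA key ID 1E1A8782
gpg: Good signature from "Linux Kernel Archives Verification Key <ftpadmin@kernel.org>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 9DB4 C3A4 EF2A 3111 9072 82F3 F2A5 75DC 1E1A 8782
"""

def normalize_fpr(text):
    """Drop whitespace and upper-case, so differently formatted copies compare equal."""
    return re.sub(r"\s+", "", text).upper()

def summarize(output, expected_fingerprint=None):
    """Split gpg's human-readable verdict into independent facts.

    expected_fingerprint is a hypothetical parameter: a fingerprint the
    caller obtained through a channel other than the key download itself.
    """
    result = {"signature_good": False, "key_certified": None,
              "signer": None, "fingerprint": None, "fingerprint_matches": None}
    for line in (raw.strip() for raw in output.splitlines()):
        good = re.match(r'gpg: Good signature from "(.+)"$', line)
        fpr = re.match(r"gpg: .*[Ff]ingerprint: ([0-9A-Fa-f ]+)$", line)
        if good:
            # The file and the .sign file match each other under this key.
            result["signature_good"] = True
            result["signer"] = good.group(1)
            if result["key_certified"] is None:
                result["key_certified"] = True
        elif line.startswith("gpg: BAD signature"):
            result["signature_good"] = False
        elif "not certified with a trusted signature" in line:
            # Separate question: nothing in the local keyring vouches for the key.
            result["key_certified"] = False
        elif fpr:
            result["fingerprint"] = normalize_fpr(fpr.group(1))
    if expected_fingerprint and result["fingerprint"]:
        result["fingerprint_matches"] = (
            result["fingerprint"] == normalize_fpr(expected_fingerprint))
    return result

if __name__ == "__main__":
    print(summarize(GPG_OUTPUT))
```

In scripts, gpg's machine-readable `--status-fd` output is the stable interface; the human-readable text parsed here varies between versions and locales.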