GPG on Linux kernel source

To: debian-user@lists.debian.org
Subject: GPG on Linux kernel source
From: Oki DZ <okidz@bdg.pindad.com>
Date: Wed, 09 May 2001 12:28:33 +0700
Message-id: <[🔎] 3AF8D581.95BCEAEE@bdg.pindad.com>

Hi,

Recently I tried to verify the source from www.linux.org, but I had the
following:
okidz@bdg:~$ gpg --verify linux-2.4.4.tar.bz2.sign linux-2.4.4.tar.bz2
gpg: Signature made Sat Apr 28 08:48:08 2001 JAVT using DSA key ID
517D0F0E
gpg: Good signature from "Linux Kernel Archives Verification Key
<ftpadmin@kernel.org>"
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
gpg: Fingerprint: C75D C40A 11D7 AF88 9981  ED5B C86B A06A 517D 0F0E

I don't get it; would anybody decipher the message in plain English,
please?

BTW, for verification of originality of the tarball, wouldn't it be
easier using MD5?

okidz@bdg:~$ md5sum linux-2.4.4.tar.bz2
b2cb01dfca76829c31ddc61445e4bbb9  linux-2.4.4.tar.bz2

I think so; there's no server to connect to, and there's no signature
file to retrieve.

Oki

-- 
The JanosVM supports separate per-team heaps, per-team garbage
collection threads, inter-team thread migration, safe cross-team
reference objects, and a spiffy tutorial.
             http://www.cs.utah.edu/flux/janos/janosvm-0.5.0/ANNOUNCE

Reply to:

Follow-Ups:
- Re: GPG on Linux kernel source
  - From: "Karl E. Jorgensen" <karl@jorgensen.com>
- Re: GPG on Linux kernel source
  - From: "Karl E. Jorgensen" <karl@jorgensen.com>
- Re: GPG on Linux kernel source
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

Prev by Date: Re: libXaw.a
Next by Date: Re: rsync source tree
Previous by thread: Include doesn't work in rsync from potato?
Next by thread: Re: GPG on Linux kernel source
Index(es):
- Date
- Thread