GPG on Linux kernel source
Recently I tried to verify the source from www.linux.org, but I had the
okidz@bdg:~$ gpg --verify linux-2.4.4.tar.bz2.sign linux-2.4.4.tar.bz2
gpg: Signature made Sat Apr 28 08:48:08 2001 JAVT using DSA key ID
gpg: Good signature from "Linux Kernel Archives Verification Key
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
gpg: Fingerprint: C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E
I don't get it; would anybody decipher the message in plain English,
BTW, for verification of originality of the tarball, wouldn't it be
easier using MD5?
okidz@bdg:~$ md5sum linux-2.4.4.tar.bz2
I think so; there's no server to connect to, and there's no signature
file to retrieve.
The JanosVM supports separate per-team heaps, per-team garbage
collection threads, inter-team thread migration, safe cross-team
reference objects, and a spiffy tutorial.