
Re: GPG on Linux kernel source



> gpg: Good signature from "Linux Kernel Archives Verification Key
> <ftpadmin@kernel.org>"

this means the signature matches the key.  if you trust that the place
you got the key from is secure and the key hasn't been compromised, then
you can trust that the source is good.


> Could not find a valid trust path to the key.  Let's see whether we
> can assign some missing owner trust values.
>
> No path leading to one of our keys found.
>
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> gpg: Fingerprint: C75D C40A 11D7 AF88 9981  ED5B C86B A06A 517D 0F0E
>
> I don't get it; would anybody decipher the message in plain English,
> please?
 

as an added security mechanism, a key can be signed by someone other
than the keyholder, basically verifying that the key is valid (your own
keys are implicitly signed by yourself).  these signatures can be used
to build a so-called "web of trust".  this message basically means that
not enough people you trust have signed the key, which, if you're
paranoid, means that you should not trust the key itself, and therefore
don't trust the kernel source, since it could have been signed with the
untrusted key.  the system is pretty complicated, but it is well
documented [0].

/ben

[0] http://www.gnupg.org/docs.html


-- 
|_    |_ | _  _ |_   PGP public key: http://www.wilykit.com/wilykit.key
|_) . |_)|(_|(_ |\          "Never rub another man's rhubarb." -- Joker
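The situation in the quoted output, reproduced end to end with throwaway keys. This is an added example, not code from the mail above or from kernel.org: it assumes GnuPG 2.x on PATH, and the key names, addresses and file names in it are made up. Because the wording of the human-readable warnings changed between GnuPG versions (the quoted "Could not find a valid trust path" text comes from an old release), the script reads the machine-readable `--status-fd` tokens instead: `GOODSIG` says the signature matches the key, `BADSIG` says the file was changed, and the `TRUST_*` token is what the "not certified with a trusted signature" warning is really about. The fix shown is the one a careful downloader does: compare the fingerprint with a copy obtained out of band, and only then locally sign (lsign) the key with your own key.

```shell
#!/bin/sh
# Added example (not from the original mail or from kernel.org): reproduce
# "Good signature" + "not certified with a trusted signature" with throwaway
# keys, show a tampered file, then fix the trust path by checking the
# fingerprint and locally certifying the key.
# Assumes GnuPG 2.x on PATH; all names and addresses below are made up.
set -eu

DEMO_SKIPPED=0
BEFORE=''; TAMPERED=''; AFTER=''; FPR_MATCH=0

status_tokens() {
    # Verify $WORK/linux.tar.sig over $WORK/linux.tar in keyring $1 and print
    # the --status-fd verdict, e.g. "GOODSIG TRUST_UNDEFINED" or "BADSIG".
    # gpg exits 0 for a good-but-untrusted signature, so the TRUST_* token,
    # not the exit code, is what separates the two cases.
    gpg --homedir "$1" --batch --status-fd 1 \
        --verify "$WORK/linux.tar.sig" "$WORK/linux.tar" 2>/dev/null \
      | awk '$1 == "[GNUPG:]" && $2 ~ /^(GOODSIG|BADSIG|TRUST_)/ {
                 printf "%s%s", sep, $2; sep = " " }
             END { print "" }' || true
}

key_fpr() {
    # Primary-key fingerprint of the key matching $2 in keyring $1, taken
    # from the "fpr" record of --with-colons output (field 10).
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null \
      | awk -F: '$1 == "fpr" { print $10; exit }'
}

run_demo() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not found; demo skipped"; DEMO_SKIPPED=1; return 0
    fi
    WORK=$(mktemp -d)
    SIGNER="$WORK/signer"; ME="$WORK/me"
    mkdir -m 700 "$SIGNER" "$ME"
    SIGNER_UID='Demo Archive Key <ftpadmin@example.invalid>'   # made-up identity

    # 1. Archive side (the ftpadmin@kernel.org role): make a key, sign the
    #    tarball with a detached signature, publish key and signature.
    gpg --homedir "$SIGNER" --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$SIGNER_UID" default default never 2>/dev/null
    printf 'pretend this is a kernel tarball\n' > "$WORK/linux.tar"
    gpg --homedir "$SIGNER" --batch --yes --pinentry-mode loopback --passphrase '' \
        --detach-sign --output "$WORK/linux.tar.sig" "$WORK/linux.tar" 2>/dev/null
    gpg --homedir "$SIGNER" --batch --armor --export "$SIGNER_UID" \
        > "$WORK/archive-key.asc" 2>/dev/null
    # Stands in for the fingerprint you obtained out of band (not from the
    # same download as the key itself).
    EXPECTED_FPR=$(key_fpr "$SIGNER" "$SIGNER_UID")

    # 2. Your side: your own key is your trust root; import the downloaded
    #    key and verify. Expect GOODSIG but TRUST_UNDEFINED: the key matches,
    #    nobody you trust has certified it. That is the warning in the mail.
    gpg --homedir "$ME" --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Me <me@example.invalid>' default default never 2>/dev/null
    gpg --homedir "$ME" --batch --import "$WORK/archive-key.asc" 2>/dev/null
    BEFORE=$(status_tokens "$ME")

    # 3. Tampered tarball: the signature no longer matches at all (BADSIG).
    cp "$WORK/linux.tar" "$WORK/linux.tar.orig"
    printf 'backdoor\n' >> "$WORK/linux.tar"
    TAMPERED=$(status_tokens "$ME")
    mv "$WORK/linux.tar.orig" "$WORK/linux.tar"

    # 4. Build the trust path: compare fingerprints, and only on a match
    #    locally certify the key with your own (ultimately trusted) key.
    #    A key certified directly by your own key becomes fully valid.
    GOT_FPR=$(key_fpr "$ME" "$SIGNER_UID")
    if [ "$GOT_FPR" = "$EXPECTED_FPR" ]; then
        FPR_MATCH=1
        gpg --homedir "$ME" --batch --yes --pinentry-mode loopback --passphrase '' \
            --quick-lsign-key "$GOT_FPR" 2>/dev/null
        gpg --homedir "$ME" --batch --check-trustdb 2>/dev/null
    else
        FPR_MATCH=0
    fi
    AFTER=$(status_tokens "$ME")

    GNUPGHOME="$ME" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$SIGNER" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
    printf 'before lsign: %s\ntampered file: %s\nfingerprint match: %s\nafter lsign: %s\n' \
        "$BEFORE" "$TAMPERED" "$FPR_MATCH" "$AFTER"
}

demo_passed() {
    # True when run_demo recorded the expected progression (or was skipped).
    [ "$DEMO_SKIPPED" = 1 ] && return 0
    [ "$BEFORE" = "GOODSIG TRUST_UNDEFINED" ] &&
    [ "$TAMPERED" = "BADSIG" ] &&
    [ "$FPR_MATCH" = 1 ] &&
    [ "$AFTER" = "GOODSIG TRUST_FULLY" ]
}

run_demo
```

Step 2 is exactly the state the original poster is in: `GOODSIG` with `TRUST_UNDEFINED`. The warning goes away in step 4 not because anything about the file changed but because a key you hold has now certified the archive key; `lsign` keeps that certification local so it is never exported to a keyserver. If the fingerprint had not matched, the right move is to refuse to certify and find out why, not to "trust it anyway".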


