This is probably nothing but while I was downloading the samba source, I used gpg to confirm it was still in pristine condition.
$ gpg --import samba-pubkey.asc
$ gpg --verify samba-release.tar.[bz2|gz].asc
I got the following response as hoped…
gpg: Signature made Tue 26 Nov 2002 07:12:04 PM CST using DSA key ID 2F87AF6F
gpg: Good signature from "Samba Distribution Verification Key
but I also got the following…
Could not find a valid trust path to the key. Let’s see whether we can assign some missing owner trust values.
No path leading to one of our keys found
gpg: Warning: This key is not certified with a trusted signature.
gpg: There is no indication that the signature belongs to the owner.
I followed what seemed to be some very simple instructions. Downloaded the tar file and the asc file associated with that file and the pubkey.asc file and then ran the commands above.