[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

gpg implying potential tampering trouble...

This is probably nothing but while I was downloading the samba source, I used gpg to confirm it was still in pristine condition.


     $ gpg --import samba-pubkey.asc
     $ gpg --verify samba-release.tar.[bz2|gz].asc


I got the following response as hoped…


     gpg: Signature made Tue 26 Nov 2002 07:12:04 PM CST using DSA key ID 2F87AF6F
     gpg: Good signature from "Samba Distribution Verification Key "


but I also got the following…


Could not find a valid trust path to the key.  Let’s see whether we can assign some missing owner trust values.

No path leading to one of our keys found

gpg: Warning: This key is not certified with a trusted signature.

gpg: There is no indication that the signature belongs to the owner.


I followed what seemed to be some very simple instructions.  Downloaded the tar file and the asc file associated with that file and the pubkey.asc file and then ran the commands above.



Reply to: