-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Oct 21, 2007 at 08:50:17AM -0700, P T wrote:
>I downloaded clam av from the clam av site. However when I check the >signature I get that basically it isn't a trusted signature. How am I doing >this wrong? ># to get the key >> gpg --keyserver random.sks.keyserver.penguin.de --recv-keys 985A444B ># to verifiy the clam file. >> gpg --verify clamav-0.91.2.tar.gz.sig >> gpg: Signature made Mon 20 Aug 2007 06:21:05 PM CDT using DSA key ID >> 985A444B >> gpg: Good signature from "Tomasz Kojm <[EMAIL PROTECTED]>" >> gpg: aka "Tomasz Kojm <[EMAIL PROTECTED]>" >> gpg: aka "Tomasz Kojm <[EMAIL PROTECTED]>" See the signature matches (ie the math works to verify that the package has not been changed since the person with key 985a444b signed it). >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the owner. This just means that *YOU* have not signed the key saying you trust it. That's normal, you should *NOT* just sign every key you come across. You should only sign keys of people you have personally met or worked with. - -- Regards... Todd They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin Linux kernel 2.6.22.9-desktop-1mdv 3 users, load average: 1.00, 0.90, 0.70 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHHQGpY2VBGxIDMLwRAkDxAJ9KIm68nYxeaxVr4/+t1sC5+RQa3ACdHvLB AYN26AlEspG7B5GTUIwRRdY= =xFWv -----END PGP SIGNATURE----- _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
