Kathey Marsden wrote: > I attempted to verify the release with gpg and get: > > [C:/kmarsden/projects/10.4.2.0] gpg --verify > db-derby-10.4.2.0-bin.zip.asc > gpg: Signature made 08/26/08 06:59:54 using DSA key ID 98E21827 > gpg: Good signature from "Rick Hillegas <[EMAIL PROTECTED]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 8F57 86E6 ED0B D91C 1BB8 36FD 3D8B 00E1 98E2 1827 > > I see in the KEYS file that it doesn't look like Rick's key has been > signed by anyone. > > pub 1024D/98E21827 2006-02-04 > uid Rick Hillegas <[EMAIL PROTECTED]> > sig 3 98E21827 2006-02-04 Rick Hillegas <[EMAIL PROTECTED]> > sub 2048g/EA8075A5 2006-02-04 > sig 98E21827 2006-02-04 Rick Hillegas <[EMAIL PROTECTED]> > > -----BEGIN PGP PUBLIC KEY BLOCK----
I did not get this warning, as Rick's key is signed by several people whose signature I trust to some degree. You can see the list of public signatures for example by accessing a keyserver's web interface: http://keyserver.mine.nu/pks/lookup?op=vindex&fingerprint=on&search=0x3D8B00E198E21827 Try doing gpg --refresh-keys and see if it helps. -- John
