Hi, I am a newbie and just got started with derby. I was doing what this page http://db.apache.org/derby/releases/release-10.5.1.1.cgi#Verifying+releases instructed.
The host is a redhat linux. uname -vro returns: 2.6.9-78.0.1.ELsmp #1 SMP Tue Jul 22 18:01:05 EDT 2008 GNU/Linux Here are responses from the two commands: [tsa...@vixen Derby]$ gpg --import KEYS gpg: key AB1B7EE4: "Daniel John Debrunner <[email protected]>" not changed gpg: key AB821FBC: "Samuel Andrew McIntyre (Apache Derby Project) <[email protected]>" not changed gpg: key 21EA3ECD: "Mike Matrigali <[email protected]>" not changed gpg: key 8E8367B1: "Satheesh Bandaram (Apache Derby Project) <[email protected]>" not changed gpg: key 99586C26: "Jean T. Anderson <[email protected]>" not changed gpg: key B1669287: "Kathey Marsden <[email protected]>" not changed gpg: key 98E21827: "Rick Hillegas <[email protected]>" not changed gpg: key 0C8EBFBE: "David Van Couvering (My Apache Key) <[email protected]>" not changed gpg: key 990ED4AA: "Knut Anders Hatlen <[email protected]>" not changed gpg: key 88D83722: "Andreas Korneliussen <[email protected]>" not changed gpg: key 5355D01C: "Dag H. Wanvik (Derby committer) <[email protected]>" not changed gpg: key 37AA956A: "Myrna van Lunteren <[email protected]>" not changed gpg: key FFCCF7B1: "Dyre Tjeldvoll <[email protected]>" not changed gpg: Total number processed: 13 gpg: unchanged: 13 [tsa...@vixen Derby]$ [tsa...@vixen Derby]$ gpg --verify db-derby-10.5.1.1-src.tar.gz.asc gpg: Signature made Tue 14 Apr 2009 02:27:52 PM PDT using DSA key ID 37AA956A gpg: Good signature from "Myrna van Lunteren <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 66C3 0B69 5415 91E3 A777 F84D 0E13 F75A 37AA 956A [tsa...@vixen Derby]$ What I don't understand is at the bottom: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Can someone please clue me in? Is this good, bad, neutral? Should I do something (and if so, what)? Should I ignore and move on? Thank you in advance. Regards, Tena Sakai [email protected]
