What does it take to get a key certified with a trusted signature? In other words, how do we get rid of that warning on our release files?
I'm a noob at this signing stuff, but it freaked me out that after jumping through all the hoops to get a key and put it in all the required places etc etc. - and in your case, go to parties and jump through more hoops - and still get a WARNING with a message that makes the whole exercise feel futile? EdB On Wed, Jul 31, 2013 at 4:31 PM, Justin Mclean <[email protected]> wrote: > Hi, > >> gpg: Signature made Tue Jul 30 09:26:36 2013 CEST using RSA key ID AEEAD151 >> gpg: Good signature from "Justin Mclean <[email protected]>" >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the owner. >> Primary key fingerprint: E284 8796 7B09 2453 A2AB 8DA9 E0F2 8593 AEEA D151 > > You need to import the KEYS file or look up the web of trust on my key. > > http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xE0F28593AEEAD151 > > Justin -- Ix Multimedia Software Jan Luykenstraat 27 3521 VB Utrecht T. 06-51952295 I. www.ixsoftware.nl
