When you run that, it checks against keys stored somewhere. I think locally. I would think you imported some keys at some point in the past, no? If you import our most recent KEYS file it should show Justin with a stronger key. Or import from a keys server.
On 7/31/13 8:44 AM, "Erik de Bruin" <[email protected]> wrote: >I didn't import anything... I just ran 'gpg --verify xxx.asc xxx' >against the RC files. > >EdB > > > >On Wed, Jul 31, 2013 at 5:41 PM, Alex Harui <[email protected]> wrote: >> The key system still requires that the keys you verify against are >> updated. That's the kink you ran into. You probably imported Justin's >> key before he strengthened by attending key-signing parties. If you >> re-import his key and then verify against it, it should show that more >> people have signed it. >> >> On 7/31/13 7:51 AM, "Erik de Bruin" <[email protected]> wrote: >> >>>Yeah, I know about that... You did, apparently, but I still got the >>>WARNING that I can't trust your key. >>> >>>EdB >>> >>> >>> >>>On Wed, Jul 31, 2013 at 4:49 PM, Justin Mclean >>><[email protected]> >>>wrote: >>>> Hi, >>>> >>>>> What does it take to get a key certified with a trusted signature? >>>> Meet people face to face, prove who you are, and get them to sign your >>>>key (and vice versa). >>>> >>>> http://wiki.apache.org/apachecon/PgpKeySigning >>>> >>>> Justin >>> >>> >>> >>>-- >>>Ix Multimedia Software >>> >>>Jan Luykenstraat 27 >>>3521 VB Utrecht >>> >>>T. 06-51952295 >>>I. www.ixsoftware.nl >> > > > >-- >Ix Multimedia Software > >Jan Luykenstraat 27 >3521 VB Utrecht > >T. 06-51952295 >I. www.ixsoftware.nl
