On Tue, Jul 10, 2018 at 6:23 PM Rodric Rabbah <rod...@gmail.com> wrote:
> ...working with @vincent to
> publish his key to avoid this:
>    gpg: WARNING: This key is not certified with a trusted signature!
>    gpg:          There is no indication that the signature belongs to the
> owner....

I'm not sure if this is related to GitHub, AFAIK what's happening is
that Vincent's GPG key is not signed by other people in a way that
creates a chain of signatures to your own key.

We usually have key signing events at Apache conferences, see
https://www.apache.org/dev/release-signing.html#key-signing-party and
the following sections.


Reply via email to