On Tue, Jul 10, 2018 at 6:23 PM Rodric Rabbah <rod...@gmail.com> wrote:
> ...working with @vincent to
> publish his key to avoid this:
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
I'm not sure if this is related to GitHub, AFAIK what's happening is
that Vincent's GPG key is not signed by other people in a way that
creates a chain of signatures to your own key.
We usually have key signing events at Apache conferences, see
the following sections.