Please forgive me if I have made any egregious errors in my process, I was unable to find an associated IRC channel for this project. I recently obtained 3.4.9 from gnutls.org and with the provided key was unable to validate the authenticity of the download.
$ gpg --fetch-keyshttp://members.hellug.gr/nmav/pgpkeys.asc <http://www.google.com/url?q=http%3A%2F%2Fmembers.hellug.gr%2Fnmav%2Fpgpkeys.asc&sa=D&sntz=1&usg=AFQjCNGSzhk59hvuQj_nrF3Iofrup1fqaQ> gpg: keyring `/home/USER/.gnupg/secring.gpg' created gpg: key 96865171: public key "Nikos Mavrogiannopoulos <[email protected]>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: no ultimately trusted keys found $ gpg --verify gnutls-3.4.9.tar.xz.sig gnutls-3.4.9.tar.xz gpg: Signature made Wed 03 Feb 2016 02:23:48 AM CST using RSA key ID 9013B842 gpg: Good signature from "Nikos Mavrogiannopoulos <[email protected]>" gpg: aka "Nikos Mavrogiannopoulos < [email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 1F42 4189 05D8 206A A754 CCDC 29EE 58B9 9686 5171 Subkey fingerprint: A812 CBFD FCDC 4D0B E7A0 9312 9D5E AAF6 9013 B842 $ Have I missed something here, or is this a security vulnerability?
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
