Frank Barnaby wrote:
I assisted Jim H. create a key and then sign my key. My local testing
shows no more warnings, but it would be helpful to have someone else
verify.
In good tradition everything security related is hard, no exception this
time :-) I'm trying to verify the distribution and I need to import the
KEYS file. I wonder whether it is checked in at the right place (part of
jtsk and we also have qatest)?
Also I tried to verify the distributions, I imported the KEYS file and
received the keys of Jim, Frank and Jukka but all I get is this.
gpg --verify apache-river-2.1.1-incubating-bin.zip.asc
apache-river-2.1.1-incubating-bin.zip
gpg: Signature made 12/19/07 22:24:05 using RSA key ID 86124FBC
gpg: Good signature from "Frank Barnaby <[EMAIL PROTECTED]>"
gpg: aka "Frank Barnaby <[EMAIL PROTECTED]>"
gpg: aka "Frank Barnaby (CODE SIGNING KEY)
<[EMAIL PROTECTED]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: D074 AD05 445C 34DD 04AE B682 19A2 FF47 8612 4FBC
So what is going wrong here?
--
Mark
