On Monday 28 July 2008 14:36:15 [EMAIL PROTECTED] wrote: > >gpg: WARNING: signing subkey 26447505 is not cross-certified > Thanks for the heads up, I've got one similar warning previously. I > thought I corrected that but I'll have to check again. Please note > that the key itself is not revoked, invalid or expired.
The practical problem is that it is not possible to find out that this is the signing key, trust, revocation and expiry aside. There is a very weak association between the key id and rkhunter -- http://www.google.com/search?q=26447505+rkhunter Any person able to upload an invalid .tar.gz can sign it with any .asc, and upload their key to as many keyservers as they please, and who would say that that was not the correct key. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
