Hi

ok...thanks for those tips...I have now found

gpg --keyserver subkeys.pgp.net --recv-keys 26447505
gpg: requesting key 26447505 from hkp server subkeys.pgp.net
gpg: key A65F5E17: public key ""rkhun...@hushmail.com" <
rkhun...@hushmail.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

is similar to

gpg --keyserver subkeys.pgp.net --recv-keys C2B0898226447505
gpg: requesting key 26447505 from hkp server subkeys.pgp.net
gpg: key A65F5E17: ""rkhun...@hushmail.com" <rkhun...@hushmail.com>" not
changed
gpg: Total number processed: 1
gpg:              unchanged: 1


....I allege they are the same key.

and I too got the same result as Dick with the command

gpg --verify rkhunter-1.3.4.tar.gz.asc
gpg: Signature made Wed 31 Dec 2008 06:52:06 AM WST using RSA key ID
26447505
gpg: WARNING: signing subkey 26447505 is not cross-certified
gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more
information
gpg: Can't check signature: general error


2) So the main difference from my first post....is using a better keyserver
repository.

3) Now it appears the last issue, is maybe, when unSpawn has a chance to
review this thread....he might consider the link that says all he needs to
do (allegedly)

You can easily add this cross-certification using GnuPG 1.4.3 or later. To
do this, simply run "gpg --edit-key (yourkey)" and then enter
"cross-certify". You'll need to type your passphrase, and GnuPG will add the
necessary cross-certification. Once this is done, you should distribute your
key however you like (send it to a keyserver, post on a web page, etc). If
you have already done this and people are still receiving the warning, make
sure they have updated their copy of your key from the keyserver or web
page.

http://www.gnupg.org/faq/subkey-cross-certify.html

4) Of course, I and others have already stated we trust the team.

So I leave it to someone with better diplomatic skills than I to convince
unSpawn to consider cross signing the key and alerting us to the new key?

thanks all for helping so far.

cheerio
------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to