On Sat, Nov 23, 2002 at 08:29:57AM +1100, Tim Potter wrote: > On Fri, Nov 22, 2002 at 03:16:09PM -0600, David W. Chapman Jr. wrote:
> > > Where do I get the samba codesigning key? How do I import it? How > > > do I know I got the right one? > > > > > > What do I do if it doesn't verify? > > I always wondered if someone uploaded a tarball with a trojan, what's > > preventing them from updating the .asc file as well? > This is why you can't necessarily ignore the message that says: > gpg: WARNING: This key is not certified with a trusted signature! > The samba team needs to get more people to sign the distribution key so > this message becomes less frequent. Hmm. I see nine signatures already, and I have a full trust relationship to the key which traverses multiple paths through the keyring, the shortest of which is only three hops long, despite never having met a member of the Samba Team. All in all, a well-connected key, and I think if there are people who get this error and actually care about it :), the problem is more likely to lie on their end of the web of trust. -- Steve Langasek postmodern programmer
msg04561/pgp00000.pgp
Description: PGP signature
