On 22 Nov 2002, Steve Langasek <[EMAIL PROTECTED]> wrote: > Hmm. I see nine signatures already, and I have a full trust relationship > to the key which traverses multiple paths through the keyring, the > shortest of which is only three hops long, despite never having met a > member of the Samba Team. All in all, a well-connected key, and I think > if there are people who get this error and actually care about it :), the > problem is more likely to lie on their end of the web of trust.
According to samba.html, the distribution key is http://us1.samba.org/samba/ftp/samba-pubkey.asc gpg: key 2F87AF6F: public key "Samba Distribution Verification Key <[EMAIL PROTECTED]>" This has only a single signature, from Jerry. mbp@toey ~% gpg --list-sig 2F87AF6F pub 1024D/2F87AF6F 2002-10-15 Samba Distribution Verification Key <[EMAIL PROTECTED]> sig 3 2F87AF6F 2002-10-15 Samba Distribution Verification Key <[EMAIL PROTECTED]> sig D83511F6 2002-10-15 Gerald W. Carter <[EMAIL PROTECTED]> sub 1024g/4A271F85 2002-10-15 [expires: 2004-10-14] sig 2F87AF6F 2002-10-15 Samba Distribution Verification Key <[EMAIL PROTECTED]> Jerry's key is pretty well signed, but perhaps not strongly connected to the world at large. I don't know of any way to get GPG to automatically download signatures for the web of trust, so unless people happen to have Jerry's key and those of the people who certify him it is likely to be untrusted. I think it would be good to get other developers to sign the distribution key. Perhaps we might also get organizations like CERT or AusCERT to sign the key (if they will), because administrators are likely to already have their pubkeys. Jerry, if you can call Sundeep's desk then I will listen to your voice and sign your key. -- Martin
msg04562/pgp00000.pgp
Description: PGP signature
