Hi, this is a normal behavior as you gpg can't know it's really my key. Take a look at this article on the subject
http://www.apache.org/info/verification.html You can also verify my key on http://pgpkeys.mit.edu/ Regards -- Dejan Bosanac ---------------------- Red Hat, Inc. FuseSource is now part of Red Hat [email protected] Twitter: @dejanb Blog: http://sensatic.net ActiveMQ in Action: http://www.manning.com/snyder/ On Tue, Jan 22, 2013 at 3:55 PM, agrubner <[email protected]> wrote: > Dear Dejan > > Thank you for your information. I did it again - here the latest download > and verification: > > agrubner@agrubner-ETHZ-race911:~/Studium/ActiveMQ$ gpg --import KEYS > gpg: key F5BA7E4F: "Hiram Chirino <[email protected]>" not changed > gpg: key A2F9E313: "David Jencks (CODE SIGNING KEY) <[email protected]>" > not changed > gpg: key 56F3E01B: "David Jencks (geronimo) <[email protected]>" not > changed > gpg: key 456DFEA9: "David M. Johnson (Dave Johnson) <[email protected]>" > not changed > gpg: key 17AA5B25: "David Johnson <[email protected]>" not changed > gpg: key 69CC103E: "Gary Tully (key for apache releases) > <[email protected]>" not changed > gpg: key 2C983957: "Bruce Snyder <[email protected]>" not changed > gpg: key 6852C7DA: "Dejan Bosanac <[email protected]>" not changed > gpg: key BACB8793: "Dejan Bosanac <[email protected]>" not changed > gpg: key 6A70C608: "Hadrian Zbarcea <[email protected]>" not changed > gpg: Total number processed: 10 > gpg: unchanged: 10 > agrubner@agrubner-ETHZ-race911:~/Studium/ActiveMQ$ gpg --verify > apache-activemq-5.7.0-bin.tar.gz.asc > gpg: Signature made Tue 02 Oct 2012 06:16:02 PM CEST using DSA key ID > BACB8793 > gpg: Good signature from "Dejan Bosanac <[email protected]>" > *gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 8EBB 5B90 AFDC 45FC E988 9945 62ED 4DF0 BACB 8793* > agrubner@agrubner-ETHZ-race911:~/Studium/ActiveMQ$ > > As you can see, the signature is now OK but it still the indication > outstanding, that the signature is not from the owner itself. One can say > now, this guy is really insisting on fine keys, but is it not the story > behind to have everything matched to be almost 100% sure, that the files are > correct? I assume indeed, that the file is fine - but from the key > management point of view, still some things are outstanding. > > Have a very good day and thank you for your help above. > > Cheers > > > > -- > View this message in context: > http://activemq.2283324.n4.nabble.com/Download-tp4661970p4662033.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com.
