news <[EMAIL PROTECTED]> wrote on 11/02/2004 04:20:50 PM:
> I have downloaded these file from http://www.apache.org/dist/xml/xerces-j/
> KEYS
> Xerces-J-bin.2.6.2.tar.gz
> Xerces-J-bin.2.6.2.tar.gz.sig
>
> Import keys with:
> gpg --import KEYS
>
> Verify signature gives error:
> ==>
> [EMAIL PROTECTED] Xerces]$ gpg --verify Xerces-J-bin.2.6.2.tar.gz.sig
> Xerces-J-bin.2.6.2.tar.gz
> gpg: Signature made Sat 21 Feb 2004 10:23:01 AM NZDT using DSA key ID
> 745ECEAA
> gpg: Good signature from "Michael Glavassevich <[EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 3526 7674 1E89 E1F0 20DF 0F43 1DC3 01DC 745E CEAA
> [EMAIL PROTECTED] Xerces]$
> ==>
>
> What can be wrong here ?
It means my key has not been cross-signed by someone else. There are number of other people who aren't connected to the Apache web of trust [1]. It's just a matter of meeting face to face with someone who is connected and cross-signing keys with them. That's on my TODO list.
> --
> John Zoetebier
> Web site: http://www.transparent.co.nz
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
[1] http://www.apache.org/~henkp/trust/apache.html
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: [EMAIL PROTECTED]
E-mail: [EMAIL PROTECTED]
- Problem gpg --verify of Xerces download John Zoetebier
- Re: Problem gpg --verify of Xerces download Michael Glavassevich
