Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: PGP key question

X-seq: zsh-users 23691
From: Ben Oliver <ben@xxxxxxxxxxxx>
To: zsh-users@xxxxxxx
Subject: Re: PGP key question
Date: Tue, 2 Oct 2018 08:51:17 +0100
Authentication-results: out.migadu.com; auth=pass (plain)
Dkim-signature: v=1;a=rsa-sha256;bh=MbuCckNgf7N8u3yWRBqoipaIESNN6WnguV9pttD3bfw=;c=relaxed/simple;d=bfoliver.com;h=from:subject:date:to;s=default;b=nAop24q6D3UUvp0wOsHKcFe0EGkAaIZC5l+f85TzK74QW9VeDGnE7ZNht77gMv/vSind9Smq50P+gSKOGhMVTORf+NlxxkWvQ6hdoAkZT7TmAxZ7+uwR5iiPBtpsGkuk9nXq8Rho+kdDcyxZXG7HKboBZreUYm5yw7nfZ0VSVfY=
In-reply-to: <BAC9B7B8-2F94-4B54-ACC0-38AF2E8706C4@contoso.com>
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
References: <BAC9B7B8-2F94-4B54-ACC0-38AF2E8706C4@contoso.com>

On 18-10-02 01:21:03, Clark Dunson wrote:

gpg: WARNING: This key is not certified with a trusted signature!

gpg:          There is no indication that the signature belongs to the owner.

Primary key fingerprint: E966 46BE 08C0 AF0A A0F9  0788 A5FE EE3A C793 7444

    Subkey fingerprint: 6EB6 0B63 7CE5 ACBF 2449  A2DA DB27 E997 429A F20C

Is there a concern here?

This is just a warning that you have not personally signed the key, ieverified that you know this person.

gpg just knows that key X was used to sign the package, it doesn't knowif the key truly belongs to the owner - that's on you to find out. Ifyou are 100% sure (usually after meeting the owner) you can sign the keyto avoid the warning.

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: PGP key question
  - From: Peter Stephenson

References:
- PGP key question
  - From: Clark Dunson

Messages sorted by: Reverse Date, Date, Thread, Author