Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: PGP key question

X-seq: zsh-users 23692
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: <zsh-users@xxxxxxx>
Subject: Re: PGP key question
Date: Tue, 2 Oct 2018 09:23:56 +0100
Cms-type: 201P
Dkim-filter: OpenDKIM Filter v2.11.0 mailout1.w1.samsung.com 20181002082358euoutp01cc9a6c165901440bed2901686d2332be~ZvRN1ds1t0083200832euoutp01M
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1538468639; bh=GWjLHu32u3H1gMA6kvWRc098NRTtHRDSL3680aCe9tE=; h=Date:From:To:Subject:In-Reply-To:References:From; b=LpkUHwOlLeio0rFVZwWrXzI9AnIgEVvB9lOKlqkOrES2K9ke9mmlUIUSMb4ucS80X ex5t6Bhks9wsBgvoMJqPuwaIvf28xJxoeEwJo7Jk6V7E0VFbQFfcM3i0UIG4eqqlxl +9Rc1PtC/g/1k/2C5kWTQIdxiAH8tM0SrOvwd1to=
In-reply-to: <20181002075117.GA7637@neptune.home.b999.me>
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
Organization: SCSC
References: <BAC9B7B8-2F94-4B54-ACC0-38AF2E8706C4@contoso.com> <CGME20181002075914epcas5p426151406b599d2f9553ce3294da88016@epcas5p4.samsung.com> <20181002075117.GA7637@neptune.home.b999.me>

On Tue, 2 Oct 2018 08:51:17 +0100
Ben Oliver <ben@xxxxxxxxxxxx> wrote:
> On 18-10-02 01:21:03, Clark Dunson wrote:
> >gpg: WARNING: This key is not certified with a trusted signature!
> >
> >gpg:          There is no indication that the signature belongs to the owner.
> >
> >Primary key fingerprint: E966 46BE 08C0 AF0A A0F9  0788 A5FE EE3A C793 7444
> >
> >     Subkey fingerprint: 6EB6 0B63 7CE5 ACBF 2449  A2DA DB27 E997 429A F20C
> >
> >Is there a concern here?  
> 
> This is just a warning that you have not personally signed the key, ie 
> verified that you know this person.
> 
> gpg just knows that key X was used to sign the package, it doesn't know 
> if the key truly belongs to the owner - that's on you to find out. If 
> you are 100% sure (usually after meeting the owner) you can sign the key 
> to avoid the warning.

To fill in the obvious: we're quite sure the releases were actually
signed either by Daniel or me.

pws

Follow-Ups:
- Re: PGP key question
  - From: Daniel Shahaf

References:
- PGP key question
  - From: Clark Dunson
- Re: PGP key question
  - From: Ben Oliver

Messages sorted by: Reverse Date, Date, Thread, Author