Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: PGP key question
- X-seq: zsh-users 23692
- From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
- To: <zsh-users@xxxxxxx>
- Subject: Re: PGP key question
- Date: Tue, 2 Oct 2018 09:23:56 +0100
- Cms-type: 201P
- Dkim-filter: OpenDKIM Filter v2.11.0 mailout1.w1.samsung.com 20181002082358euoutp01cc9a6c165901440bed2901686d2332be~ZvRN1ds1t0083200832euoutp01M
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1538468639; bh=GWjLHu32u3H1gMA6kvWRc098NRTtHRDSL3680aCe9tE=; h=Date:From:To:Subject:In-Reply-To:References:From; b=LpkUHwOlLeio0rFVZwWrXzI9AnIgEVvB9lOKlqkOrES2K9ke9mmlUIUSMb4ucS80X ex5t6Bhks9wsBgvoMJqPuwaIvf28xJxoeEwJo7Jk6V7E0VFbQFfcM3i0UIG4eqqlxl +9Rc1PtC/g/1k/2C5kWTQIdxiAH8tM0SrOvwd1to=
- In-reply-to: <20181002075117.GA7637@neptune.home.b999.me>
- List-help: <mailto:zsh-users-help@zsh.org>
- List-id: Zsh Users List <zsh-users.zsh.org>
- List-post: <mailto:zsh-users@zsh.org>
- List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
- Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
- Organization: SCSC
- References: <BAC9B7B8-2F94-4B54-ACC0-38AF2E8706C4@contoso.com> <CGME20181002075914epcas5p426151406b599d2f9553ce3294da88016@epcas5p4.samsung.com> <20181002075117.GA7637@neptune.home.b999.me>
On Tue, 2 Oct 2018 08:51:17 +0100
Ben Oliver <ben@xxxxxxxxxxxx> wrote:
> On 18-10-02 01:21:03, Clark Dunson wrote:
> >gpg: WARNING: This key is not certified with a trusted signature!
> >
> >gpg: There is no indication that the signature belongs to the owner.
> >
> >Primary key fingerprint: E966 46BE 08C0 AF0A A0F9 0788 A5FE EE3A C793 7444
> >
> > Subkey fingerprint: 6EB6 0B63 7CE5 ACBF 2449 A2DA DB27 E997 429A F20C
> >
> >Is there a concern here?
>
> This is just a warning that you have not personally signed the key, ie
> verified that you know this person.
>
> gpg just knows that key X was used to sign the package, it doesn't know
> if the key truly belongs to the owner - that's on you to find out. If
> you are 100% sure (usually after meeting the owner) you can sign the key
> to avoid the warning.
To fill in the obvious: we're quite sure the releases were actually
signed either by Daniel or me.
pws
Messages sorted by:
Reverse Date,
Date,
Thread,
Author