You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by larry mccay <lm...@apache.org> on 2013/11/08 17:50:47 UTC
[MENTORS] Verifying Release Signatures
Hello Mentors -
I am trying to figure out how to eliminate the warning in the --verify
output below.
I've recently had my key signed by Owen O'Malley which should get me into
the web-of-trust to some degree.
My key has been added to the KEYS file for the release.
What do we have to do as verifiers to not see the following:
11:23 localhost:knox-incubating-0.3.1 xxxxxxx$ gpg --verify
knox-incubating-0.3.1.zip.asc knox-incubating-0.3.1.zip
gpg: Signature made Thu Nov 7 05:55:50 2013 PST using RSA key ID 587C089B
gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <lmccay@apache.org
>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: CB95 1DC9 3839 1FE2 0768 2BB5 82F9 C371 587C 089B
thanks,
--larry
Re: [MENTORS] Verifying Release Signatures
Posted by larry mccay <la...@gmail.com>.
bump... :)
On Tue, Nov 12, 2013 at 11:55 AM, larry mccay <la...@gmail.com> wrote:
> Bumping this as a gentile reminder to the mentors....
>
> Thanks!
>
>
> On Fri, Nov 8, 2013 at 11:50 AM, larry mccay <lm...@apache.org> wrote:
>
>> Hello Mentors -
>>
>> I am trying to figure out how to eliminate the warning in the --verify
>> output below.
>>
>> I've recently had my key signed by Owen O'Malley which should get me into
>> the web-of-trust to some degree.
>>
>> My key has been added to the KEYS file for the release.
>>
>> What do we have to do as verifiers to not see the following:
>>
>> 11:23 localhost:knox-incubating-0.3.1 xxxxxxx$ gpg --verify
>> knox-incubating-0.3.1.zip.asc knox-incubating-0.3.1.zip
>> gpg: Signature made Thu Nov 7 05:55:50 2013 PST using RSA key ID 587C089B
>> gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <
>> lmccay@apache.org>"
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg: There is no indication that the signature belongs to the
>> owner.
>> Primary key fingerprint: CB95 1DC9 3839 1FE2 0768 2BB5 82F9 C371 587C
>> 089B
>>
>> thanks,
>>
>> --larry
>>
>
>
Re: [MENTORS] Verifying Release Signatures
Posted by larry mccay <la...@gmail.com>.
Bumping this as a gentile reminder to the mentors....
Thanks!
On Fri, Nov 8, 2013 at 11:50 AM, larry mccay <lm...@apache.org> wrote:
> Hello Mentors -
>
> I am trying to figure out how to eliminate the warning in the --verify
> output below.
>
> I've recently had my key signed by Owen O'Malley which should get me into
> the web-of-trust to some degree.
>
> My key has been added to the KEYS file for the release.
>
> What do we have to do as verifiers to not see the following:
>
> 11:23 localhost:knox-incubating-0.3.1 xxxxxxx$ gpg --verify
> knox-incubating-0.3.1.zip.asc knox-incubating-0.3.1.zip
> gpg: Signature made Thu Nov 7 05:55:50 2013 PST using RSA key ID 587C089B
> gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <
> lmccay@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: CB95 1DC9 3839 1FE2 0768 2BB5 82F9 C371 587C 089B
>
> thanks,
>
> --larry
>