You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Julian Hyde (JIRA)" <ji...@apache.org> on 2014/08/01 23:31:38 UTC

[jira] [Created] (DRILL-1242) Warning while verifying PGP signature

Julian Hyde created DRILL-1242:
----------------------------------

             Summary: Warning while verifying PGP signature
                 Key: DRILL-1242
                 URL: https://issues.apache.org/jira/browse/DRILL-1242
             Project: Apache Drill
          Issue Type: Bug
         Environment: Mac OS X 
            Reporter: Julian Hyde


I get a warning when I verify the PGP signature of 0.4.0-incubating release. I am not enough of a PGP expert to know whether this is a serious concern.

{code}
$ gpg --keyserver pgpkeys.mit.edu --recv-key 6B5FA695
gpg: requesting key 6B5FA695 from hkp server pgpkeys.mit.edu
gpg: key AB10D143: public key "Jacques Nadeau <ja...@apache.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
$ gpg --verify apache-drill-0.4.0-incubating.tar.gz.asc apache-drill-0.4.0-incubating.tar.gz
gpg: Signature made Thu Jul 31 07:48:05 2014 PDT using RSA key ID 6B5FA695
gpg: Good signature from "Jacques Nadeau <ja...@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BA97 595F EA79 095C AC43  C07E DF2B E030 AB10 D143
     Subkey fingerprint: 2A4A FF9C 7531 2FB4 0116  62A4 C2C6 022A 6B5F A695
{code}

My environment is as follows:

{code}
$ uname -a
Darwin HW10571.local 13.3.0 Darwin Kernel Version 13.3.0: Tue Jun  3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64
$ gpg --version
gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
{code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)