Re: Linux-PAM-1.1.3 and LFS 7.0

Sat, 19 Nov 2011 10:43:50 -0800 

--- Em sex, 18/11/11, Wayne Blaszczyk <wblas...@bigpond.net.au> escreveu:

> De: Wayne Blaszczyk <wblas...@bigpond.net.au>
> Assunto: Re: Linux-PAM-1.1.3 and LFS 7.0
> Para: blfs-support@linuxfromscratch.org
> Data: Sexta-feira, 18 de Novembro de 2011, 19:30
> On 19/11/11 02:02, Fernando de
> Oliveira wrote:
> > --- Em sex, 18/11/11, Wayne Blaszczyk <wblas...@bigpond.net.au>
> escreveu:
> ...
> >> Can
> >> some please post the md5sum for
> Linux-PAM-1.1.4.tar.bz2. I
> >> just want to
> >> make sure I've downloaded the correct version.
> >> Thanks,
> >> Wayne
> > 
> > 
> > 
> > wget -c 
> > http://ftp.df.lth.se/pub/linux/libs/pam/documentation/Linux-PAM-1.1.4-docs.tar.bz2.sign
> &&
> > wget -c 
> > http://ftp.df.lth.se/pub/linux/libs/pam/documentation/Linux-PAM-1.1.4-docs.tar.bz2
> &&
> > wget -c 
> > http://ftp.df.lth.se/pub/linux/libs/pam/library/Linux-PAM-1.1.4.tar.bz2.sign
> &&
> > wget -c 
> > http://ftp.df.lth.se/pub/linux/libs/pam/library/Linux-PAM-1.1.4.tar.bz2
> &&
> > gpg --verify Linux-PAM-1.1.4-docs.tar.bz2.sign
> Linux-PAM-1.1.4-docs.tar.bz2 &&
> > gpg --verify Linux-PAM-1.1.4.tar.bz2.sign
> Linux-PAM-1.1.4.tar.bz2
> > 
> > 
> > []s,
> > Fernando de Oliveira
> > Natal, RN, BRAZIL
> 
> Thanks, the reason why I asked for the md5sums was that I'm
> not familar
> with this sign concept.
> When I run the verify command,I get the following warning
> message:
> gpg: WARNING: This key is not certified with a trusted
> signature!
> gpg:          There is no
> indication that the signature belongs to the
> owner.
> 
> Should there be concern with this?
> This is after doing the following command:
> gpg --keyserver wwwkeys.pgp.net --recv-keys 0x517D0F0E
> 
> Wayne.
> -- 
> http://linuxfromscratch.org/mailman/listinfo/blfs-support
> FAQ: http://www.linuxfromscratch.org/blfs/faq.html
> Unsubscribe: See the above information page
> 

Sorry for the late reply. I see it has been properly replied before. Here I 
give my version, just in case I am wrong and will have to change. corrected.

I do not mind about the WARNING and do no sign. In the beginning, I searched 
about this and the conclusion was that if someone posted signatures with wrong 
intentions it would be spotted, so I waited one day and then, trusted it.

These days, most signatures I check with gpg --verify are from previous 
versions of packages, so I believe they are trustable (if there is this word in 
English).


[]s,
Fernando de Oliveira
Natal, RN, BRAZIL
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to