--- Em sex, 18/11/11, Wayne Blaszczyk <wblas...@bigpond.net.au> escreveu:
> De: Wayne Blaszczyk <wblas...@bigpond.net.au> > Assunto: Re: Linux-PAM-1.1.3 and LFS 7.0 > Para: blfs-support@linuxfromscratch.org > Data: Sexta-feira, 18 de Novembro de 2011, 19:30 > On 19/11/11 02:02, Fernando de > Oliveira wrote: > > --- Em sex, 18/11/11, Wayne Blaszczyk <wblas...@bigpond.net.au> > escreveu: > ... > >> Can > >> some please post the md5sum for > Linux-PAM-1.1.4.tar.bz2. I > >> just want to > >> make sure I've downloaded the correct version. > >> Thanks, > >> Wayne > > > > > > > > wget -c > > http://ftp.df.lth.se/pub/linux/libs/pam/documentation/Linux-PAM-1.1.4-docs.tar.bz2.sign > && > > wget -c > > http://ftp.df.lth.se/pub/linux/libs/pam/documentation/Linux-PAM-1.1.4-docs.tar.bz2 > && > > wget -c > > http://ftp.df.lth.se/pub/linux/libs/pam/library/Linux-PAM-1.1.4.tar.bz2.sign > && > > wget -c > > http://ftp.df.lth.se/pub/linux/libs/pam/library/Linux-PAM-1.1.4.tar.bz2 > && > > gpg --verify Linux-PAM-1.1.4-docs.tar.bz2.sign > Linux-PAM-1.1.4-docs.tar.bz2 && > > gpg --verify Linux-PAM-1.1.4.tar.bz2.sign > Linux-PAM-1.1.4.tar.bz2 > > > > > > []s, > > Fernando de Oliveira > > Natal, RN, BRAZIL > > Thanks, the reason why I asked for the md5sums was that I'm > not familar > with this sign concept. > When I run the verify command,I get the following warning > message: > gpg: WARNING: This key is not certified with a trusted > signature! > gpg: There is no > indication that the signature belongs to the > owner. > > Should there be concern with this? > This is after doing the following command: > gpg --keyserver wwwkeys.pgp.net --recv-keys 0x517D0F0E > > Wayne. > -- > http://linuxfromscratch.org/mailman/listinfo/blfs-support > FAQ: http://www.linuxfromscratch.org/blfs/faq.html > Unsubscribe: See the above information page > Sorry for the late reply. I see it has been properly replied before. Here I give my version, just in case I am wrong and will have to change. corrected. I do not mind about the WARNING and do no sign. In the beginning, I searched about this and the conclusion was that if someone posted signatures with wrong intentions it would be spotted, so I waited one day and then, trusted it. These days, most signatures I check with gpg --verify are from previous versions of packages, so I believe they are trustable (if there is this word in English). []s, Fernando de Oliveira Natal, RN, BRAZIL -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page