I'm reinventing the wheel while learnig abou Debian key signing, so far I've been able to verify sarge-amd64 DVD iso images via
$ gpg --verify MD5SUMS.sign MD5SUMS gpg: Signature made Mon 13 Jun 2005 10:48:17 PM CEST using DSA key ID F6A32A8E gpg: Good signature from "Santiago Garcia Mantinan (manty) <[EMAIL PROTECTED]>" gpg: aka "Santiago Garcia Mantinan (manty) <[EMAIL PROTECTED]>" gpg: aka "Santiago Garcia Mantinan (manty) <[EMAIL PROTECTED]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3F0A 12FC 0B55 A917 D791 82D3 72FD C205 F6A3 2A8E I'd like to know how to get rid of warning above. So far I've imported the whole Debian keyring gpg --import /usr/share/keyrings/debian-keyring.gpg which action may be pretty stupid, but I expected some "higher authority" key being present there, well, it is not, as I'm still getting warning about not certified key. Is there anything like Debian CA key, or shoul I ask Santiago Garcia Mantinan about his key's fingerprint? Thanks for any enlightement. Vit -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]