On Sat, Feb 10, 2001 at 07:54:49PM +0100, Carel Fellinger wrote:
> On Sat, Feb 10, 2001 at 06:11:01PM +0100, marcoghidinelli wrote:
> ...
> > for the debian-developer keys:
> > apt-get install debian-keyring
> >
>
> I've done this some time ago, but now I get:
>
> [-- PGP output follows (current time: Sat Feb 10 19:40:06 2001) --]
> gpg: Signature made Sat 10 Feb 2001 06:11:01 PM CET using DSA key ID EBF15399
> gpg: Good signature from "Marco Ghidinelli <[EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> gpg: Fingerprint: 1C34 97F7 1837 D525 7E3F C883 B572 DF1A EBF1 5399
> [-- End of PGP output --]
it's right. the signature was verified with the copy distribuited on public
keyserver.
(i'm not a debian developer and you cannot get my public keys in the
debian-keyring)
> But I'm quit willing to trust debian developers in general.
> I trust them
> with the packages, might as well trust their identity:) I'm a bit uncertain
> how to achieve this though. Is it enough if I tell gpg to trust James Troup?
who is james troup??
i think that you must trust all the keys from debian-keyring.
--
BOFH excuse #235:
The new frame relay network hasn't bedded down the software loop transmitter yet.
PGP signature
