Hello Mentors - I am trying to figure out how to eliminate the warning in the --verify output below.
I've recently had my key signed by Owen O'Malley which should get me into the web-of-trust to some degree. My key has been added to the KEYS file for the release. What do we have to do as verifiers to not see the following: 11:23 localhost:knox-incubating-0.3.1 xxxxxxx$ gpg --verify knox-incubating-0.3.1.zip.asc knox-incubating-0.3.1.zip gpg: Signature made Thu Nov 7 05:55:50 2013 PST using RSA key ID 587C089B gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <[email protected] >" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CB95 1DC9 3839 1FE2 0768 2BB5 82F9 C371 587C 089B thanks, --larry
