On 11 March 2014 11:49, Michael S. Tsirkin <m...@redhat.com> wrote: > On Tue, Mar 11, 2014 at 11:32:41AM +0000, Peter Maydell wrote: >> That won't help with removing the warning. What gpg >> is saying here is "I found this key in the keyring, >> and the signature checks out, but there's no chain >> of trust between the person who applied the pull >> and that key". That is, I haven't signed your key. > > Okay ... would you like to sign it? > Didn't you go to the key signing party at the forum? > If yes you have all the data :)
At the forum I only signed keys where the other person had been sufficiently organised to get their key onto the pre-printed list Anthony sent out and were clearly following the instructions. (Basically I wasn't expecting to be applying other peoples' pull requests at that time so it seemed sufficient to do a mutual signing with a reasonable number of developers.) I can't remember why I put a cross next to your name at this point, but obviously I can't sign your key now if I didn't choose to do so then; that would be breaking the whole point of doing in person checks. > But the commit log will include the warning forever I think? True, but does that matter? thanks -- PMM