On Fri, Nov 22, 2002 at 03:16:09PM -0600, David W. Chapman Jr. wrote: > > Where do I get the samba codesigning key? How do I import it? How > > do I know I got the right one? > > > > What do I do if it doesn't verify? > > I always wondered if someone uploaded a tarball with a trojan, what's > preventing them from updating the .asc file as well?
This is why you can't necessarily ignore the message that says: gpg: WARNING: This key is not certified with a trusted signature! The samba team needs to get more people to sign the distribution key so this message becomes less frequent. Tim.