> NOTE: gpg gave me this:
>
> gpg --verify qpid-proton-0.13.1.tar.gz.asc qpid-proton-0.13.1.tar.gz
> gpg: Signature made Fri 01 Jul 2016 10:08:26 PM EDT using RSA key ID C6B459DB
> gpg: Good signature from "Justin Ross (CODE SIGNING KEY) <jross@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F1B5 7706 904F AD58 4D55 21D5 648A 8E57 C6B4 59DB
>
> I don't usually do the .asc check so I don't know if this is normal.

I think this means that you personally don't trust that the signature belongs to who it says it belongs to and is not forged. So you need to verify p2p that the key actually belongs to Justin and mark it trusted yourself, then you won't get the message.

Andrew
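
Added example (not part of the original thread, and not Qpid project code): a shell check that pins the release signature to a fingerprint obtained out of band, by reading gpg's machine-readable `--status-fd` lines instead of the human-readable warning. The function names, the sample status lines and the EXPECTED value are assumptions made for illustration; EXPECTED reuses the fingerprint printed in the thread only so that the constructed sample matches.

```shell
#!/bin/sh
# Stand-in for a fingerprint you confirmed independently of the download
# (assumption: reuses the value printed in the thread so the sample matches).
EXPECTED='F1B5 7706 904F AD58 4D55 21D5 648A 8E57 C6B4 59DB'

# Strip whitespace and upper-case, so "f1b5 7706 ..." == "F1B57706...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# check_status EXPECTED_FPR
# Reads `gpg --status-fd 1 --verify SIG FILE` output on stdin. Prints
# "pinned-ok <TRUST_*>", "wrong-key" or "no-valid-signature"; returns 0 only
# when a VALIDSIG line names the expected primary key.
check_status() {
    want=$(normalize_fpr "$1")
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            valid = 1
            # Field 12 is the primary key fingerprint; older gpg omits it,
            # so fall back to the signing key fingerprint in field 3.
            primary = toupper(NF >= 12 ? $12 : $3)
        }
        $1 == "[GNUPG:]" && $2 ~ /^TRUST_/ { trust = $2 }
        END {
            if (!valid)          { print "no-valid-signature"; exit 2 }
            if (primary != want) { print "wrong-key"; exit 1 }
            print "pinned-ok " (trust == "" ? "-" : trust)
        }'
}

# Constructed status lines for the situation in the thread: the signature
# verifies (GOODSIG/VALIDSIG) but the key has no trust path (TRUST_UNDEFINED),
# which is what produces the "not certified" warning.
sample_status() {
    cat <<'EOF'
[GNUPG:] GOODSIG 648A8E57C6B459DB Justin Ross (CODE SIGNING KEY) <jross@apache.org>
[GNUPG:] VALIDSIG F1B57706904FAD584D5521D5648A8E57C6B459DB 2016-07-02 1467425306 0 4 0 1 8 00 F1B57706904FAD584D5521D5648A8E57C6B459DB
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Real use:
#   gpg --status-fd 1 --verify qpid-proton-0.13.1.tar.gz.asc \
#       qpid-proton-0.13.1.tar.gz 2>/dev/null | check_status "$EXPECTED"
sample_status | check_status "$EXPECTED"
```

The result "pinned-ok TRUST_UNDEFINED" means the file was signed by the pinned key even though the local keyring has not certified it; the check is only as strong as the channel the expected fingerprint came from.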