Security GPG Key question

ral77 ral77 at bellsouth.net
Mon Mar 8 00:02:37 UTC 2004


I have set up the keyserver pgp.mit.edu and run gpg --recv-key 0x731002FA.
Then set the trust with the interactive gpg --edit-key 0x731002FA. When
I run rpm --checksig -v kernel-2.4.20-30.7.legacy.i686.rpm:

kernel-2.4.20-30.7.legacy.i686.rpm:
MD5 sum OK: 8679be0ce60e842d0ceab9e3084cefe8
gpg: WARNING: --honor-http-proxy is a deprecated option.
gpg: please use "--keyserver-options honor-http-proxy" instead
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Fri 20 Feb 2004 11:07:04 PM EST using DSA key ID 
731002FA
gpg: Good signature from "Fedora Legacy (http://www.fedoralegacy.org) 
<secnotice at fedoralegacy.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the 
owner.
Fingerprint: D66D 121F 9784 5E7B 2757  8C46 108C 4512 7310 02FA

My question is about the gpg: WARNING: This key is not certified with a
trusted signature!

Is this related to the note on the web site at
http://www.fedoralegacy.org/about/security.php

"*Note:* The GPG key on the Fedora Legacy web site is alone without any 
signatures. This is what we use to sign packages as there is a bug with 
RPM when you use a key which has signatures on it. The key on the 
key-server may gather signatures from time to time, but the key on our 
site will not reflect this."

Yesterday at the monthly LUG meeting one of the security folks walked
me through the pgp setup on my rh8 server, and I'm referencing the
history file and attempting the setup on a rh72 server. I may have a
procedure error as this is new for me.

Best regards,
Robert L.





