Security GPG Key question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have setup the keyserver pgp.mit.edu and gpg --recv-key 0x731002FA . Then set the trust with the interactive gpg --edit-key 0x731002FA . When I run rpm --checksig -v kernel-2.4.20-30.7.legacy.i686.rpm

kernel-2.4.20-30.7.legacy.i686.rpm:
MD5 sum OK: 8679be0ce60e842d0ceab9e3084cefe8
gpg: WARNING: --honor-http-proxy is a deprecated option.
gpg: please use "--keyserver-options honor-http-proxy" instead
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Fri 20 Feb 2004 11:07:04 PM EST using DSA key ID 731002FA
gpg: Good signature from "Fedora Legacy (http://www.fedoralegacy.org) <secnotice@xxxxxxxxxxxxxxxx>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Fingerprint: D66D 121F 9784 5E7B 2757 8C46 108C 4512 7310 02FA


My question is about the gpg: WARNING: This key is not certified with a trusted signature!

Is this related to the note on the web site at http://www.fedoralegacy.org/about/security.php

*"Note:* The GPG key on the Fedora Legacy web site is alone without any signatures. This is what we use to sign packages as there is a bug with RPM when you use a key which has signatures on it. The key on the key-server may gather signatures from time to time, but the key on our site will not reflect this."

Yesterday and the monthly LUG meeting one of the security folks walked me through the pgp setup on my rh8 server
and I'm referencing the history file and attempting the setup on a rh72 server. I may have a procedure error as this is new for me.


Best regards,
Robert L.





[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux