Re: This key is not certified with a trusted signature.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 3/16/2011 12:48 AM, Tushar Chavan wrote:
> Hi Experts,
>  
> I have dowloaded KEYS & httpd-2.2.17.tar.gz.asc  from main distribution center ( 
> http://www.apache.org/dist/httpd/ ).
>  
> I imported keys with  gpg --import KEYS
> 
> gpg --verify httpd-2.2.17.tar.gz.asc
>  
> gpg: Signature made Thu Oct 14 15:48:36 2010 GMT+3 using RSA key ID 7F7214A7
> gpg: Good signature from "William A. Rowe, Jr. <wrowe@xxxxxxxxxxxxx
> <mailto:wrowe@xxxxxxxxxxxxx>>"
> gpg:                 aka "William A. Rowe, Jr. <wrowe@xxxxxxxxxx <mailto:wrowe@xxxxxxxxxx>>"
> gpg:                 aka "William A. Rowe, Jr. <william.rowe@xxxxxxxxxxxxxxxx
> <mailto:william.rowe@xxxxxxxxxxxxxxxx>>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: B1B9 6F45 DFBD CCF9 7401  9235 193F 180A B55D 9977
>      Subkey fingerprint: 4962 0827 E32B C882 DC6B  EF54 A348 B984 7F72 14A7
>  
> I tried to get a key
> gpg --keyserver pgpkeys.mit.edu --recv-key  7F7214A7
> *------>but not able to reach pgpkeys.mit.edu.*

If you can't reach pgpkeys.mit.edu, or find my credentials on the other services,
there might be something horribly amiss with your configuration?!?  But note
that 7F7214A7 is subordinate and no keystore indexes by it.

  Primary key fingerprint: [...] B55D 9977

gives you the clue you need, B55D9977 is publicly published.

In any case, it will *NOT* be trusted.  You have to personally trust someone
within the WoT (web of trust) before such credentials are trusted.

If I know your brother's second cousin who is an expat where we met in Austria,
and we signed each others keys, then perhaps that would happen.

Otherwise, you need to either trust the KEYS file you downloaded, or build a
web of trust to someone who does.

Hint: there are two options, trust and localtrust.  If you sign with localtrust,
you won't spread your own identity and credentials through the internet when you
try resyncing :)

Yours,

Bill

For the record, the datum above is correct.  Trust only the master signing key
B55D 9977 and my subkeys will follow.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux