Gaston, You might want to try: gpg --recv-keys 517D0F0E or read the following information on gpg signatures from kernel.org: http://www.kernel.org/signature.html - John 'Warthog9' Hawley On 06/21/2010 05:07 PM, Gaston Fiore wrote: > Hello, > > I'm trying to verify the download of Git and I get the following: > > gbrain:Downloads gafiore$ gpg --verify git-1.7.1.tar.bz2.sign > gpg: Signature made Fri Apr 23 22:49:17 2010 EDT using DSA key ID 517D0F0E > gpg: Can't check signature: public key not found > > How do I know whether I should trust the downloaded file? > > Thanks, > > -Gaston > > -- > To unsubscribe from this list: send the line "unsubscribe git" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html