[Samba] newbie: Verification of the downloaded Samba source

[Ronan Waide]

On Tue, 10 Dec 2002, alan brown wrote:
> Could not find a valid trust path to the key.  Let's see whether we can
> assign some missing owner trust values.
> No path leading to one of our keys found
> gpg: Warning: This key is not certified with a trusted signature.
> Gpg: There is no indication that the signature belongs to the owner.

All this is saying is that yes, the signature does check out against
the key you provided; however, gpg has no indication of the validity
of that key. The wrong way to solve this is to use gpg to set the key
to 'trusted'; the right way is to obtain a chain of keys that connects
the Samba key to a key you trust, such as your own. Obviously the
right way is more difficult since you need to obtain the keys that
signed the samba key, then the keys that signed /those/ keys, and so
on until you get to a key that you've signed yourself or a key that
you have declared as trusted.

This is pretty integral to GPG/PGP, so I'd suggest you read up on
these to learn more.

Cheers,
Waider. D9B006F7 in GPG land :)
-- 
waider at waider.ie / Yes, it /is/ very personal of me.

"`My fault' - what you say when you detonate a grenade in the midst of your
 comrades and send their body parts flying." - Julian Waldby