(fwd from jerry@theashergroup.com) Suggestion: describe (or link to) how to verify your distributions
Tim Potter
tpot at samba.org
Fri Nov 22 21:27:00 GMT 2002
On Fri, Nov 22, 2002 at 03:16:09PM -0600, David W. Chapman Jr. wrote:
> > Where do I get the samba codesigning key? How do I import it? How
> > do I know I got the right one?
> >
> > What do I do if it doesn't verify?
>
> I always wondered if someone uploaded a tarball with a trojan, what's
> preventing them from updating the .asc file as well?
This is why you can't necessarily ignore the message that says:
gpg: WARNING: This key is not certified with a trusted signature!
The samba team needs to get more people to sign the distribution key so
this message becomes less frequent.
Tim.
More information about the samba-technical
mailing list