(fwd from jerry@theashergroup.com) Suggestion: describe (or link to) how to verify your distributions

Martin Pool mbp at sourcefrog.net
Fri Nov 22 22:35:00 GMT 2002


On 22 Nov 2002, Steve Langasek <vorlon at netexpress.net> wrote:

> Hmm.  I see nine signatures already, and I have a full trust relationship
> to the key which traverses multiple paths through the keyring, the
> shortest of which is only three hops long, despite never having met a
> member of the Samba Team.  All in all, a well-connected key, and I think
> if there are people who get this error and actually care about it :), the
> problem is more likely to lie on their end of the web of trust.

According to samba.html, the distribution key is 

  http://us1.samba.org/samba/ftp/samba-pubkey.asc
  gpg: key 2F87AF6F: public key "Samba Distribution Verification Key <samba-bugs at samba.org>"

This has only a single signature, from Jerry.

mbp at toey ~% gpg --list-sig 2F87AF6F   
pub  1024D/2F87AF6F 2002-10-15 Samba Distribution Verification Key <samba-bugs at samba.org>
sig 3       2F87AF6F 2002-10-15   Samba Distribution Verification Key <samba-bugs at samba.org>
sig         D83511F6 2002-10-15   Gerald W. Carter <jerry at samba.org>
sub  1024g/4A271F85 2002-10-15 [expires: 2004-10-14]
sig         2F87AF6F 2002-10-15   Samba Distribution Verification Key <samba-bugs at samba.org>

Jerry's key is pretty well signed, but perhaps not strongly connected
to the world at large.

I don't know of any way to get GPG to automatically download
signatures for the web of trust, so unless people happen to have
Jerry's key and those of the people who certify him, it is likely to be
untrusted.

I think it would be good to get other developers to sign the
distribution key.  Perhaps we might also get organizations like CERT
or AusCERT to sign the key (if they will), because administrators are
likely to already have their pubkeys.

Jerry, if you can call Sundeep's desk then I will listen to your voice
and sign your key.

-- 
Martin
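
An added example, not part of the original message: it parses the old-style `gpg --list-sigs` text layout quoted above and separates self-signatures and subkey bindings from third-party certifications, which are the only ones that contribute to the web of trust. The function names are hypothetical, and only the line layout shown in the message is handled.

```python
import re

# Listing copied from the message above (old-style `gpg --list-sigs` text output).
LISTING = """\
pub  1024D/2F87AF6F 2002-10-15 Samba Distribution Verification Key <samba-bugs at samba.org>
sig 3       2F87AF6F 2002-10-15   Samba Distribution Verification Key <samba-bugs at samba.org>
sig         D83511F6 2002-10-15   Gerald W. Carter <jerry at samba.org>
sub  1024g/4A271F85 2002-10-15 [expires: 2004-10-14]
sig         2F87AF6F 2002-10-15   Samba Distribution Verification Key <samba-bugs at samba.org>
"""

# Assumption: 8-hex-digit short key IDs and an optional 1-3 check level, as in the listing.
KEY_RE = re.compile(r"^(pub|sub)\s+\d+\w/([0-9A-F]{8})\s")
SIG_RE = re.compile(r"^sig\s*([123]?)\s+([0-9A-F]{8})\s+(\d{4}-\d{2}-\d{2})\s+(.*)$")

def classify(listing):
    """Return (kind, signer_keyid, signer_uid) for every sig line (hypothetical helper)."""
    primary, section, out = None, None, []
    for line in listing.splitlines():
        key = KEY_RE.match(line)
        if key:
            section = key.group(1)          # signatures that follow belong to this key
            if section == "pub":
                primary = key.group(2)
            continue
        sig = SIG_RE.match(line)
        if not sig:
            continue
        signer, uid = sig.group(2), sig.group(4).strip()
        if section == "sub":
            kind = "subkey-binding"         # primary key binding its own subkey
        elif signer == primary:
            kind = "self-signature"         # key certifying its own user ID
        else:
            kind = "third-party"            # someone else vouching for the key
        out.append((kind, signer, uid))
    return out

def third_party_signers(listing):
    """Key IDs that certify the primary key and are not the key itself."""
    return sorted({s for kind, s, _ in classify(listing) if kind == "third-party"})

if __name__ == "__main__":
    for kind, signer, uid in classify(LISTING):
        print(f"{kind:15} {signer}  {uid}")
    print("third-party certifications:", third_party_signers(LISTING))
```

Of the three `sig` lines in the listing, only one is a third-party certification, which matches the observation in the message.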


More information about the samba-technical mailing list