[Samba] newbie: Verification of the downloaded Samba source

John H Terpstra jht at samba.org
Wed Dec 11 04:17:01 GMT 2002


Alan,

I just verified the samba-pubkey.asc and the two release keys and they
check out perfectly.

My key ID is CCB82B53, and I have signed this key.

You could try:
	gpg --list-sigs 2F87AF6F

To see what info you have obtained from the samba-pubkey.asc file.

Also, is your own key valid?

- John T.

On Tue, 10 Dec 2002, alan brown wrote:
> This is probably nothing but when I did.
>
>
>
>      $ gpg --import samba-pubkey.asc
>      $ gpg --verify samba-release.tar.[bz2|gz].asc
>
>
>
> I got the following response
>
>
>
>      gpg: Signature made Tue 26 Nov 2002 07:12:04 PM CST using DSA key
> ID 2F87AF6F
>      gpg: Good signature from "Samba Distribution Verification Key "
>
>
>
> but then I also got the following.
>
>
>
> Could not find a valid trust path to the key.  Let's see whether we can
> assign some missing owner trust values.
>
>
>
> No path leading to one of our keys found
>
>
>
> gpg: Warning: This key is not certified with a trusted signature.
>
> Gpg: There is no indication that the signature belongs to the owner.
>
>
>
> Is this just something silly that I've done?  I thought I followed the
> very simple instructions adequately.  Downloaded the tar file and the
> asc file associated with that file and the pubkey.asc file.
>
>
>
> Any help would be appreciated.
>
>
>
> alan
>
>
>
>
>
>

-- 
John H Terpstra
Email: jht at samba.org



More information about the samba mailing list