[Samba] gpg import and verify

Andrew Bartlett abartlet at samba.org
Wed May 24 18:54:09 UTC 2017


On Wed, 2017-05-24 at 17:02 +0100, Edson via samba wrote:
> thewolf at xxxthewolf:~/samba$ gpg --import samba-pubkey.asc 
> gpg: key 6F33915B6568B7EA: "Samba Distribution Verification Key  
> <samba-bugs at samba.org>" not changed
> gpg: Total number processed: 1
> gpg:              unchanged: 1
> 
> thewolf at xxxthewolf:~/samba$ gpg --verify samba-4.6.4.tar.asc 
> gpg: assuming signed data in 'samba-4.6.4.tar'
> gpg: Signature made ter 23 mai 2017 04:21:57 -04
> gpg:                using DSA key 6F33915B6568B7EA
> gpg: Good signature from "Samba Distribution Verification Key  
> <samba-bugs at samba.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 52FB C0B8 6D95 4B08 4332  4CDC 6F33 915B 6568 B7EA

Correct, but if you downloaded the signature from our https:// website,
then you could reasonably choose to trust it.  This just means that GPG
can't figure out a trust value from the web of trust, which does not
rely on transport security.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list