db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Embretsen <John.Embret...@Sun.COM>
Subject Re: Problem verifying the release
Date Thu, 04 Sep 2008 06:35:47 GMT
Kathey Marsden wrote:
> I attempted to verify the release with gpg and get:
> 
> [C:/kmarsden/projects/10.4.2.0]  gpg --verify 
> db-derby-10.4.2.0-bin.zip.asc
> gpg: Signature made 08/26/08 06:59:54  using DSA key ID 98E21827
> gpg: Good signature from "Rick Hillegas <rhillegas@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 8F57 86E6 ED0B D91C 1BB8  36FD 3D8B 00E1 98E2 1827
>
> I see in the KEYS file that it doesn't look like Rick's key has been
> signed by anyone.
> 
> pub   1024D/98E21827 2006-02-04
> uid                  Rick Hillegas <rhillegas@apache.org>
> sig 3        98E21827 2006-02-04  Rick Hillegas <rhillegas@apache.org>
> sub   2048g/EA8075A5 2006-02-04
> sig          98E21827 2006-02-04  Rick Hillegas <rhillegas@apache.org>
> 
> -----BEGIN PGP PUBLIC KEY BLOCK----


I did not get this warning, as Rick's key is signed by several people
whose signature I trust to some degree.
You can see the list of public signatures for example by accessing a
keyserver's web interface:
http://keyserver.mine.nu/pks/lookup?op=vindex&fingerprint=on&search=0x3D8B00E198E21827

Try doing

 gpg --refresh-keys

and see if it helps.


-- 
John


Mime
View raw message