db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kathey Marsden <kmarsdende...@sbcglobal.net>
Subject Re: Problem verifying the release
Date Thu, 04 Sep 2008 15:29:39 GMT
John Embretsen wrote:
> Kathey Marsden wrote:
>> I attempted to verify the release with gpg and get:
>> [C:/kmarsden/projects/]  gpg --verify 
>> db-derby-
>> gpg: Signature made 08/26/08 06:59:54  using DSA key ID 98E21827
>> gpg: Good signature from "Rick Hillegas <rhillegas@apache.org>"
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg:          There is no indication that the signature belongs to the
>> owner.
>> Primary key fingerprint: 8F57 86E6 ED0B D91C 1BB8  36FD 3D8B 00E1 98E2 1827
>> I see in the KEYS file that it doesn't look like Rick's key has been
>> signed by anyone.
>> pub   1024D/98E21827 2006-02-04
>> uid                  Rick Hillegas <rhillegas@apache.org>
>> sig 3        98E21827 2006-02-04  Rick Hillegas <rhillegas@apache.org>
>> sub   2048g/EA8075A5 2006-02-04
>> sig          98E21827 2006-02-04  Rick Hillegas <rhillegas@apache.org>
> I did not get this warning, as Rick's key is signed by several people
> whose signature I trust to some degree.
> You can see the list of public signatures for example by accessing a
> keyserver's web interface:
> http://keyserver.mine.nu/pks/lookup?op=vindex&fingerprint=on&search=0x3D8B00E198E21827
> Try doing
>  gpg --refresh-keys
> and see if it helps.
I tried --refresh keys and it added 7 signatures to Rick but I still got 
the same error, perhaps because there is no overlap in the signatures 
between me and Rick. I then attempted to upgrade my gpg which caused 
more serious problems.  If you are able to verify properly I think we 
can write my problems off to user error.


View raw message