db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tena Sakai" <tsa...@gallo.ucsf.edu>
Subject newbie confused about "verifying release"
Date Tue, 19 May 2009 21:43:53 GMT
Hi,

I am a newbie and just got started with derby.  I was doing what this page
  http://db.apache.org/derby/releases/release-10.5.1.1.cgi#Verifying+releases
instructed.

The host is a redhat linux.
  uname -vro
returns:
  2.6.9-78.0.1.ELsmp #1 SMP Tue Jul 22 18:01:05 EDT 2008 GNU/Linux

Here are responses from the two commands:
  [tsakai@vixen Derby]$ gpg --import KEYS
  gpg: key AB1B7EE4: "Daniel John Debrunner <djd@debrunners.com>" not changed
  gpg: key AB821FBC: "Samuel Andrew McIntyre (Apache Derby Project) <fuzzylogic@nonintuitive.com>"
not changed
  gpg: key 21EA3ECD: "Mike Matrigali <mikem_app@sbcglobal.net>" not changed
  gpg: key 8E8367B1: "Satheesh Bandaram (Apache Derby Project) <satheesh@Sourcery.Org>"
not changed
  gpg: key 99586C26: "Jean T. Anderson <jta@bristowhill.com>" not changed
  gpg: key B1669287: "Kathey Marsden <kmarsden@apache.org>" not changed
  gpg: key 98E21827: "Rick Hillegas <rhillegas@apache.org>" not changed
  gpg: key 0C8EBFBE: "David Van Couvering (My Apache Key) <davidvc@apache.org>" not
changed
  gpg: key 990ED4AA: "Knut Anders Hatlen <kahatlen@apache.org>" not changed
  gpg: key 88D83722: "Andreas Korneliussen <andreas.korneliussen@broadpark.no>" not
changed
  gpg: key 5355D01C: "Dag H. Wanvik (Derby committer) <dag@apache.org>" not changed
  gpg: key 37AA956A: "Myrna van Lunteren <m.v.lunteren@gmail.com>" not changed
  gpg: key FFCCF7B1: "Dyre Tjeldvoll <dyre@apache.org>" not changed
  gpg: Total number processed: 13
  gpg:              unchanged: 13
  [tsakai@vixen Derby]$ 
  [tsakai@vixen Derby]$ gpg --verify db-derby-10.5.1.1-src.tar.gz.asc
  gpg: Signature made Tue 14 Apr 2009 02:27:52 PM PDT using DSA key ID 37AA956A
  gpg: Good signature from "Myrna van Lunteren <m.v.lunteren@gmail.com>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 66C3 0B69 5415 91E3 A777  F84D 0E13 F75A 37AA 956A
  [tsakai@vixen Derby]$ 

What I don't understand is at the bottom:
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.

Can someone please clue me in?  Is this good, bad, neutral?
Should I do something (and if so, what)?  Should I ignore and move on?

Thank you in advance.

Regards,

Tena Sakai
tsakai@gallo.ucsf.edu

Mime
View raw message