xml-xalan-c-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Hoyt <mh...@ca.ibm.com>
Subject Re: GPG signature verification for Xerces-c 2.4.0
Date Wed, 21 Apr 2004 15:10:11 GMT

Hi Mike,

This is not really a Xalan specific question and is not appropriate for
this lst.    There are plenty of sources of PGP information on the web.
If you look at the result of your verification you can see the signature is

 The warning relates to the fact that you do not if the signature really
belongs to the named owner (in this case: Neil Graham).    You have no
trusted paths to this signature to vouch that this is actually Neil's key
(other than the fact his public key was available on the Xerces page).
For more information refer to the GnuPG manual:


             "Conmackie, Mike"                                             
             ompuware.com>                                              To 
             04/21/2004 10:21          <xalan-c-users@xml.apache.org>      
             AM                                                         cc 
             Please respond to         GPG signature verification for      
               xalan-c-users           Xerces-c 2.4.0                      

Hello Everyone,

In the process of installing Xalan-c 1.7.0 I am also installing Xerces-c
2.4.0.  I am attempting to validate the contents of the Xerces-c distro
using GPG.  The KEYS (retrieved from
http://www.apache.org/dist/xml/xerces-c/KEYS) have been imported using:

     gpg --import KEYS

But the verification command:

     gpg --verify xerces-c2_4_0-windows_nt-msvc_60.zip.asc

produces the following output:

     gpg: Signature made 12/02/03 22:06:48  using DSA key ID 95597B05
     gpg: Good signature from "Neil Graham (this key is primarily for
signing Xerces-J   releases) <neilg@ca.ibm.com>"
     gpg: checking the trustdb
     gpg: no ultimately trusted keys found
     gpg: WARNING: This key is not certified with a trusted signature!
     gpg:          There is no indication that the signature belongs to the
     Primary key fingerprint: 93ED 2646 814E 5072 5BC6  F748 8BF6 F975 9559

Can anyone tell me what I'm doing wrong?  I'm a GPG neophyte so be kind ;-)

Mike Conmackie

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

View raw message