verifikacija z gpg
Primoz Hrvatin
primozh at email.si
Thu Oct 25 22:43:54 CEST 2001
Zivjo!
Ko skusam verificirati avtenticnost patchev za kernel - imam torej fajla
patch-2.4.13.bz2 in patch-2.4.13.bz2.sign, ki sem jih potegnil z
ftp.si.kernel.org - z ukazom:
gpg --verify patch-2.4.13.bz2.sign patch-2.4.13.bz2
dobim tole:
gpg: Warning: using insecure memory!
gpg: Signature made Wed 24 Oct 2001 07:32:51 AM CEST using DSA key ID
517D0F0E
gpg: Good signature from "Linux Kernel Archives Verification Key
<ftpadmin at kernel.org>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
gpg: Fingerprint: C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E
Se prej sem importal public key v skladu s "howtojem" na:
http://www.kernel.org/signature.html
dobim pa isto napako. In zdaj tricky Q:
Zakaj?
Namrec s kljucem na videz ni nic narobe, vsaj, kar se tice fingerprinta in
ostalih podatkov.
Primoz
p.s. sem probal tudi z gpg --update-trustdb pa tudi fajli na glavnem
kernel.org so identicni z mojimi
More information about the lugos-list
mailing list