[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2007-06-16 at 08:23 -0700, Les wrote:
> All that is shown in my review window is your reply David, but when I
> opened it to reply here, it seems there is more in the message.  I am
> also seeing a warning about your signature, saying "Valid signature,
> cannot verify sender" 

That's to be expected.  The signature needs something else to verify
that they are who they claim to be.  Generally, that's at least another
counter-signature from someone, or some organisation, that you've
trusted.  

Someone personally verifies that this signature comes from David, they
see some credible identification from David that David is really David,
they counter-sign his key with theirs.  And so on the chain goes.

It'll be flagged as unverified until at least one of the counter
signatures is by someone/something that you trust (as a technical
configuration issue, for PGP, that is).

And on that note, I've yet to see a counter-signed key, and we really
ought to have them on the package signatures.  Sure, most are signed.
But so what?  Most of them are meaningless self-generated, not
double-checked, signatures.

-- 
(This box runs FC5, my others run FC4 & FC6, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux