certification of signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have a real basic question about verifying your download for Fedora 7,
8 and 9.  I'm new to keys, signatures, certification, etc. and I haven't
been able to find what I need in the Fedora help resources. Apologies if this is the wrong place to post or if a similar post appears (not sure that it was lost).

The following is for Fedora 9. I downloaded the iso on May 8th and SHA1SUM on September 2 from the Kent mirrorservice in the UK.

If I follow the instructions at http://fedoraproject.org/en/verify I get:

[mike@desktop iso]$ gpg --verify SHA1SUM
gpg: Signature made Thu 08 May 2008 03:03:44 BST using DSA key ID 4F2A6FD2
gpg: Good signature from "Fedora Project <fedora@xxxxxxxxxx>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: CAB4 4B99 6F27 744E 8612  7CDF B442 69D0 4F2A 6FD2
[mike@desktop iso]$

My question is do I need to worry about the lack of certification?  If I
do how do I check that the signature is certified? Also, does this have anything to do with the migration to new package keys?

I've searched the forum and mailing list and have looked at the various manuals, etc. for gnugpg but can't find what I'm looking for.

Thanks for any help,
Mike





--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux