Hi, I've search the mailing list archives and couldn't find the answer so I'm trying here hoping someone could help.
When I run: gpg --verify linux-2.3.41.tar.bz2.sign linux-2.3.41.tar.bz2 I get this result: gpg: Signature made Sat Jan 29 10:18:19 2000 EST using DSA key ID 1E1A8782 gpg: Good signature from "Linux Kernel Archives Verification Key <[EMAIL PROTECTED]>" Could not find a valid trust path to the key. Let's see whether we can assign some missing owner trust values. No path leading to one of our keys found. gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: 9DB4 C3A4 EF2A 3111 9072 82F3 F2A5 75DC 1E1A 8782 My question: Does this means that the linux-2.3.41.tar.bz2 is no good or that the "sign" file is no good? I got the public signature key from here: "http://www.kernel.org/signature.html"; and I've imported this key. Any help is appreciated. MB.
