Hi,
Recently I tried to verify the source from www.linux.org, but I had the
following:
[EMAIL PROTECTED]:~$ gpg --verify linux-2.4.4.tar.bz2.sign linux-2.4.4.tar.bz2
gpg: Signature made Sat Apr 28 08:48:08 2001 JAVT using DSA key ID
517D0F0E
gpg: Good signature from "Linux Kernel Archives Verification Key
<[EMAIL PROTECTED]>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
gpg: Fingerprint: C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E
I don't get it; would anybody decipher the message in plain English,
please?
BTW, for verification of originality of the tarball, wouldn't it be
easier using MD5?
[EMAIL PROTECTED]:~$ md5sum linux-2.4.4.tar.bz2
b2cb01dfca76829c31ddc61445e4bbb9 linux-2.4.4.tar.bz2
I think so; there's no server to connect to, and there's no signature
file to retrieve.
Oki
--
The JanosVM supports separate per-team heaps, per-team garbage
collection threads, inter-team thread migration, safe cross-team
reference objects, and a spiffy tutorial.
http://www.cs.utah.edu/flux/janos/janosvm-0.5.0/ANNOUNCE
