P T schrieb: > I downloaded clam av from the clam av site. However when I check the > signature I get that basically it isn't a trusted signature. How am I doing > this wrong?
>> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the owner. In order to get rid of that message (and so that the signature actually produces any security benefit) you have to give your GPG installation a means of verifying that the public key it's using for checking the signature can be trusted to be really Tomasz' key. There are two ways to do that: - Either you declare your trust in one of the existing signers on that key. Normally you do that only if you know him or her personally or if it is some well-known and trusted signing authority like CAcert or Heise. Unfortunately, Tomasz' key is not signed by one of the latter. - Or you check for yourself that the key is indeed Tomasz', by verifying the fingerprint: >> Primary key fingerprint: 0DCA 5A08 407D 5288 279D B434 5482 2DC8 985A 444B and then sign the key with your own GPG key. This is normally done in a face to face meeting where the key owner hands you the correct fingerprint and you check his/her ID, but depending on your security concerns (or lack thereof), other more or less trusted channels such as a publication in a printed magazine or book may be sufficient. HTH T. -- Tilman Schmidt [EMAIL PROTECTED] Phoenix Software GmbH Tel. +49 228 97199 0 Geschäftsführer: W. Grießl Fax +49 228 97199 99 Adolf-Hombitzer-Str. 12 www.phoenixsoftware.de 53227 Bonn, Germany Amtsgericht Bonn HRB 2934
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
