On Mon, 22 Dec 2003 19:45, Marcel Weber <[EMAIL PROTECTED]> wrote: > s. keeling wrote: > > gpg: Signature made Sun Dec 21 17:14:28 2003 MST using DSA key ID > > 946886AE gpg: Good signature from "Trey Sizemore <[EMAIL PROTECTED]>" > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the > > owner. gpg: Fingerprint: 683F FFE2 AA2D D341 6002 A973 8443 F068 9468 > > 86AE > > You have to establish a network of trust. If you do not trust this key > (you have to sign it, to mark it trusted) or if you do not trust any key > that has signed the above, you get exactly this result.
Signing a key you don't know is not a good idea, it's easy to accidentally upload a key... There is a gpg option "lsign" which can be used for this, it's like a regular signature but it can never be exported. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
