On Wed, 8 May 2013, Larry Evans wrote: > the verification command and result are: > > ~/download/gcc/4.8 $ gpg --verify --keyring ./gnu-keyring.gpg > ./gcc-4.8.0.tar.bz2.sig > gpg: Signature made Fri Mar 22 08:32:18 2013 CDT using DSA key ID C3C45C06 > gpg: Good signature from "Jakub Jelinek <ja...@redhat.com>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 33C2 35A3 4C46 AA3F FB29 3709 A328 C3A2 C3C4 5C06 > ~/download/gcc/4.8 $ > > Should I be worried about the gpg: WARNING?
Not unless you are paranoid. :-) This means that there is not path in the web of trust (https://en.wikipedia.org/wiki/Web_of_trust) between Jakub and you. That's not ideal in terms of security, but not a drama. Gerald
