Il 04/09/2013 15:11, Anthony Liguori ha scritto: > On Wed, Sep 4, 2013 at 6:47 AM, Michael S. Tsirkin <m...@redhat.com> wrote: >> I noticed recent merges of the pci tree have this text: >> >> # gpg: Signature made Sun 01 Sep 2013 03:15:36 AM CDT using RSA key >> # ID D28D5469 >> # gpg: Can't check signature: public key not found >> >> Why is that? > > Because I haven't signed your key. We'll address this at this year's KVM > Forum: > > http://wiki.qemu.org/KeySigningParty2013 > >> Linus seems to have no trouble pulling trees with this >> signature, and pulls don't have this error message. > > I'm not sure how wide Linus extends his trust.
Getting a kernel.org account requires 3 signatures from someone else who has a kernel.org account *and* communicating the particular key to the kernel.org sysadmins. So I guess Linus extends his trust to all keys that were processed this way, or something like that. Paolo
