Hi Bill, Nice to see your email. I can see B55D9977 in KEY file which I have imported. I will go ahead & use the downloaded files now. Best Regards, Tushar.
> Date: Wed, 16 Mar 2011 01:13:15 -0500 > From: wr...@rowe-clan.net > To: users@httpd.apache.org > Subject: Re: [users@httpd] This key is not certified with a trusted signature. > > On 3/16/2011 12:48 AM, Tushar Chavan wrote: > > Hi Experts, > > > > I have dowloaded KEYS & httpd-2.2.17.tar.gz.asc from main distribution > > center ( > > http://www.apache.org/dist/httpd/ ). > > > > I imported keys with gpg --import KEYS > > > > gpg --verify httpd-2.2.17.tar.gz.asc > > > > gpg: Signature made Thu Oct 14 15:48:36 2010 GMT+3 using RSA key ID 7F7214A7 > > gpg: Good signature from "William A. Rowe, Jr. <wr...@rowe-clan.net > > <mailto:wr...@rowe-clan.net>>" > > gpg: aka "William A. Rowe, Jr. <wr...@apache.org <mailto:wr...@apache.org>>" > > gpg: aka "William A. Rowe, Jr. <william.r...@springsource.com > > <mailto:william.r...@springsource.com>>" > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the owner. > > Primary key fingerprint: B1B9 6F45 DFBD CCF9 7401 9235 193F 180A B55D 9977 > > Subkey fingerprint: 4962 0827 E32B C882 DC6B EF54 A348 B984 7F72 14A7 > > > > I tried to get a key > > gpg --keyserver pgpkeys.mit.edu --recv-key 7F7214A7 > > *------>but not able to reach pgpkeys.mit.edu.* > > If you can't reach pgpkeys.mit.edu, or find my credentials on the other > services, > there might be something horribly amiss with your configuration?!? But note > that 7F7214A7 is subordinate and no keystore indexes by it. > > Primary key fingerprint: [...] B55D 9977 > > gives you the clue you need, B55D9977 is publicly published. > > In any case, it will *NOT* be trusted. You have to personally trust someone > within the WoT (web of trust) before such credentials are trusted. > > If I know your brother's second cousin who is an expat where we met in > Austria, > and we signed each others keys, then perhaps that would happen. > > Otherwise, you need to either trust the KEYS file you downloaded, or build a > web of trust to someone who does. > > Hint: there are two options, trust and localtrust. If you sign with > localtrust, > you won't spread your own identity and credentials through the internet when > you > try resyncing :) > > Yours, > > Bill > > For the record, the datum above is correct. Trust only the master signing key > B55D 9977 and my subkeys will follow. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org >
