[gnutls-help] gpg verify issue with 3.4.9
Mark Rager
toastedmilk at gmail.com
Wed Mar 2 03:57:02 CET 2016
Please forgive me if I have made any egregious errors in my process, I was
unable to find an associated IRC channel for this project. I recently
obtained 3.4.9 from gnutls.org and with the provided key was unable to
validate the authenticity of the download.
$ gpg --fetch-keyshttp://members.hellug.gr/nmav/pgpkeys.asc
<http://www.google.com/url?q=http%3A%2F%2Fmembers.hellug.gr%2Fnmav%2Fpgpkeys.asc&sa=D&sntz=1&usg=AFQjCNGSzhk59hvuQj_nrF3Iofrup1fqaQ>
gpg: keyring `/home/USER/.gnupg/secring.gpg' created
gpg: key 96865171: public key "Nikos Mavrogiannopoulos <nmav at gnutls.org>"
imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
$ gpg --verify gnutls-3.4.9.tar.xz.sig gnutls-3.4.9.tar.xz
gpg: Signature made Wed 03 Feb 2016 02:23:48 AM CST using RSA key ID
9013B842
gpg: Good signature from "Nikos Mavrogiannopoulos <nmav at gnutls.org>"
gpg: aka "Nikos Mavrogiannopoulos <
n.mavrogiannopoulos at gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 1F42 4189 05D8 206A A754 CCDC 29EE 58B9 9686 5171
Subkey fingerprint: A812 CBFD FCDC 4D0B E7A0 9312 9D5E AAF6 9013 B842
$
Have I missed something here, or is this a security vulnerability?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160301/788d4ecf/attachment-0001.html>
More information about the Gnutls-help
mailing list