Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-1242

Warning while verifying PGP signature


    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Future
    • Component/s: Tools, Build & Test
    • Labels:
    • Environment:

      Mac OS X


      I get a warning when I verify the PGP signature of 0.4.0-incubating release. I am not enough of a PGP expert to know whether this is a serious concern.

      $ gpg --keyserver pgpkeys.mit.edu --recv-key 6B5FA695
      gpg: requesting key 6B5FA695 from hkp server pgpkeys.mit.edu
      gpg: key AB10D143: public key "Jacques Nadeau <jacques@apache.org>" imported
      gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
      gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
      gpg: Total number processed: 1
      gpg:               imported: 1  (RSA: 1)
      $ gpg --verify apache-drill-0.4.0-incubating.tar.gz.asc apache-drill-0.4.0-incubating.tar.gz
      gpg: Signature made Thu Jul 31 07:48:05 2014 PDT using RSA key ID 6B5FA695
      gpg: Good signature from "Jacques Nadeau <jacques@apache.org>"
      gpg: WARNING: This key is not certified with a trusted signature!
      gpg:          There is no indication that the signature belongs to the owner.
      Primary key fingerprint: BA97 595F EA79 095C AC43  C07E DF2B E030 AB10 D143
           Subkey fingerprint: 2A4A FF9C 7531 2FB4 0116  62A4 C2C6 022A 6B5F A695

      My environment is as follows:

      $ uname -a
      Darwin HW10571.local 13.3.0 Darwin Kernel Version 13.3.0: Tue Jun  3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64
      $ gpg --version
      gpg (GnuPG) 1.4.16
      Copyright (C) 2013 Free Software Foundation, Inc.
      License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
      Home: ~/.gnupg
      Supported algorithms:
      Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
      Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
              CAMELLIA128, CAMELLIA192, CAMELLIA256
      Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
      Compression: Uncompressed, ZIP, ZLIB, BZIP2




            • Assignee:
              julianhyde Julian Hyde
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: