Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
Mac OS X
Description
I get a warning when I verify the PGP signature of 0.4.0-incubating release. I am not enough of a PGP expert to know whether this is a serious concern.
$ gpg --keyserver pgpkeys.mit.edu --recv-key 6B5FA695 gpg: requesting key 6B5FA695 from hkp server pgpkeys.mit.edu gpg: key AB10D143: public key "Jacques Nadeau <jacques@apache.org>" imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) $ gpg --verify apache-drill-0.4.0-incubating.tar.gz.asc apache-drill-0.4.0-incubating.tar.gz gpg: Signature made Thu Jul 31 07:48:05 2014 PDT using RSA key ID 6B5FA695 gpg: Good signature from "Jacques Nadeau <jacques@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: BA97 595F EA79 095C AC43 C07E DF2B E030 AB10 D143 Subkey fingerprint: 2A4A FF9C 7531 2FB4 0116 62A4 C2C6 022A 6B5F A695
My environment is as follows:
$ uname -a
Darwin HW10571.local 13.3.0 Darwin Kernel Version 13.3.0: Tue Jun 3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64
$ gpg --version
gpg (GnuPG) 1.4.16
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2