[Privoxy-users] GPG Import/Verify fails for Privoxy v3.0.34
Anthony K
ak.privoxy at anroet.com
Mon Mar 4 09:00:03 CET 2024
This site says all is well if I see 'Good signature from...':
https://www.baeldung.com/linux/verify-file-asc-signature
Thanks for your help, Ian. I'm appeased.
PS: I note that from the message back in 2017 there was mention of some HASH files - are those no longer published? I searched but couldn't find them.
Cheers,
ak.
On 4/3/24 18:50, Anthony K wrote:
> I've progressed further:
>
> $ gpg --keyserver keyserver.ubuntu.com --recv-keys 8BA2371C
> gpg: key 691822918BA2371C: 4 duplicate signatures removed
> gpg: key 691822918BA2371C: public key "Fabian Keil <fk at fabiankeil.de>" imported
> gpg: Total number processed: 1
> gpg: imported: 1
>
> And then I tried to verify again:
>
> $ gpg --verify privoxy-3.0.34-stable-src.tar.gz.asc
> gpg: assuming signed data in 'privoxy-3.0.34-stable-src.tar.gz'
> gpg: Signature made Sun 05 Feb 2023 15:56:40 AEDT
> gpg: using RSA key 4F36C17F3816913654A1E850691822918BA2371C
> gpg: Good signature from "Fabian Keil <fk at fabiankeil.de>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 4F36 C17F 3816 9136 54A1 E850 6918 2291 8BA2 371C
>
> That warning worries me though...
>
> ak.
More information about the Privoxy-users
mailing list