[csw-users] Question about setting up digital signature checking in Blastwave

Thu Jul 31 12:30:48 CEST 2008

Dear,

I recently installed Solaris 10 on new hardware and I am currently checking out Blastwave, to ease the installation of extra packages and such. I've installed Blastwave as described on the website and it all seems to be working.

I then proceeded to take a look at the digital signature checking feature in Blastwave.

So I used used "# /opt/csw/bin/wget --output-document=pgp.key http://www.blastwave.org/mirrors.html" to get the public key. This seemed to work fine.

But then when I import this public key I get the following:

bash-3.00# gpg --import pgp.key

gpg: directory `//.gnupg' created

gpg: new configuration file `//.gnupg/gpg.conf' created

gpg: WARNING: options in `//.gnupg/gpg.conf' are not yet active during this run

gpg: keyring `//.gnupg/secring.gpg' created

gpg: keyring `//.gnupg/pubring.gpg' created

gpg: //.gnupg/trustdb.gpg: trustdb created

gpg: key E12E9D2F: public key "Distribution Manager <dm at blastwave.org>" imported

gpg: Total number processed: 1

gpg:               imported: 1

gpg: no ultimately trusted keys found

The last line worries me. Do I need some kind of root-key installed in order for it to be able to verify the public key of Blastwave? I don't seem to find anything about this on the website.

I'm not sure how to proceed.

Thanks for any help you might have.

Kind regards,

Johan Grégoire
informatiesystemen 

Johan.Gregoire at uzleuven.be <mailto:Johan.Gregoire at uzleuven.be> 
tel. +32 16 34 77 14
tel. secr. +32 16 34 78 00

UZ Leuven  | campus Gasthuisberg | Herestraat 49 | B - 3000 Leuven  | www.uzleuven.be <http://www.uzleuven.be>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/users/attachments/20080731/2bb8df0b/attachment-0002.html>