mercredi 20 mai 2015

rvm installation gpg key warning

To install rvm, I use the command provided on the rvm website (http://ift.tt/1ai4ISh) to install stable versions of rvm:

\curl -sSL https://get.rvm.io | bash -s stable --ruby

I am a little concerned about the warning I get from gpg: "There is no indication that the signature belongs to the owner." Is this gpg just being a bit too picky? The primary key fingerprint (409B 6B17 96C2 7546 2A17 0311 3804 BB82 D39D C0E3) matches Michal Papis so that is re-assuring.

But then why does gpg warn that "This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner"? This reminds me of Certificate Authorities (CAs) and not paying a CA, but doesn't gpg work differently?

Output during installation:

Downloading http://ift.tt/1egqNDH
Downloading http://ift.tt/1egqNDK
gpg: Signature made Mon Mar 30 14:52:13 2015 PDT using RSA key ID BF04FF17
gpg: Good signature from "Michal Papis (RVM signing) <mpapis@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 409B 6B17 96C2 7546 2A17  0311 3804 BB82 D39D C0E3
Subkey fingerprint: 62C9 E5F4 DA30 0D94 AC36  166B E206 C29F BF04 FF17
GPG verified '/Users/MyHome/.rvm/archives/rvm-1.26.11.tgz'

Aucun commentaire:

Enregistrer un commentaire