On 07/06/14 15:00, Camponez wrote:
After import the keys from:
https://www.mediawiki.org/keys/keys.txt
This is what i got:
$ gpg --verify mediawiki-1.23.0.tar.gz.sig
gpg: Signature made Thu 05 Jun 2014 01:03:32 AM PDT using RSA key ID 5DC00AA7
gpg: Good signature from "Markus Glaser <glaser(a)hallowelt.biz>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 280D B784 5A1D CAC9 2BB5 A00A 946B 0256 5DC0 0AA7
gpg --import keys.txt
gpg: key E8A3FEC4: "Tim Starling <tstarling(a)wikimedia.org>" not changed
gpg: key 4D70938E: "Brion Vibber <brion(a)pobox.com>" not changed
gpg: key F9F8CD79: "Tim Starling <tstarling(a)wikimedia.org>" not changed
gpg: key 9D3BB7B0: "Sam Reed <reedy(a)wikimedia.org>" not changed
gpg: key 4D70938E: "Brion Vibber <brion(a)pobox.com>" not changed
gpg: key 9D3BB7B0: "Sam Reed <reedy(a)wikimedia.org>" not changed
gpg: key 62D84F01: "Chris Steipp <csteipp(a)wikimedia.org>" not changed
gpg: key 7F901A30: "Mark A. Hershberger <mah(a)everybody.org>" not changed
gpg: key 5DC00AA7: public key "Markus Glaser <glaser(a)hallowelt.biz>"
imported
gpg: Total number processed: 9
gpg: imported: 1 (RSA: 1)
gpg: unchanged: 8
# gpg --verify mediawiki-1.23.0.tar.gz.sig
gpg: Signature made Thu 05 Jun 2014 09:03:32 BST using RSA key ID 5DC00AA7
gpg: Good signature from "Markus Glaser <glaser(a)hallowelt.biz>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 280D B784 5A1D CAC9 2BB5 A00A 946B 0256 5DC0 0AA7
#
Thanks! Works fine.
Gordo