Hi, Jonathan Ryshpan wrote: > While verifying my download of Fedora-34, I encounter this message: > $ gpg --verify-files *-CHECKSUM > gpg: Signature made Fri 23 Apr 2021 12:36:44 PM PDT > gpg: using RSA key > 8C5BA6990BDB26E19F2A1A801161AE6945719A39 > gpg: Good signature from "Fedora (34) > <fedora-34-primary@xxxxxxxxxxxxxxxxx>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 8C5B A699 0BDB 26E1 9F2A 1A80 1161 AE69 4571 > 9A39 > I surmise this means that my computer's list of trusted signatures > needs to be brought up to date (actually it may not even exist). How > can this be done? A link to info would suffice. There's nothing wrong with that output. The warning is simply telling you that the Fedora key isn't signed by a key you've marked as trusted. As an aside, we (the royal we, as in folks in the Fedora community who maintain the website) should change the verification step to recommend gpgv rather than the gpg command. It would require making the fedora.gpg a de-armored file, but then it the instructions would be simpler. -- Todd
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
