On Fri, 2021-06-25 at 22:25 -0400, Todd Zullinger wrote:
Jonathan Ryshpan wrote:While verifying my download of Fedora-34, I encounter this message:$ gpg --verify-files *-CHECKSUMgpg: Signature made Fri 23 Apr 2021 12:36:44 PM PDTgpg: using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39gpg: Good signature from "Fedora (34) <fedora-34-primary@xxxxxxxxxxxxxxxxx>" [unknown]gpg: WARNING: This key is not certified with a trusted signature!gpg: There is no indication that the signature belongs to the owner.Primary key fingerprint: 8C5B A699 0BDB 26E1 9F2A 1A80 1161 AE69 4571 9A39I surmise this means that my computer's list of trusted signaturesneeds to be brought up to date (actually it may not even exist). Howcan this be done? A link to info would suffice.There's nothing wrong with that output. The warning issimply telling you that the Fedora key isn't signed by a keyyou've marked as trusted.As an aside, we (the royal we, as in folks in the Fedoracommunity who maintain the website) should change theverification step to recommend gpgv rather than the gpgcommand. It would require making the fedora.gpg ade-armored file, but then it the instructions would besimpler.
Just as I thought. So...
How do I mark a key as trusted? What precautions are needed to be sure that the key should actually be trusted?
--
Thanks - Jonathan Ryshpan <jonrysh@xxxxxxxxxxx> Those who have put out the eyes of the people reproach them for their blindness. -- Milton
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
