I downloaded avrdude-6.3.tar.gz and avrdude-6.3.tar.gz.sig from https://download.savannah.gnu.org/releases/avrdude/, tried to verify and got this:
gpg: assuming signed data in 'avrdude-6.3.tar.gz' gpg: Signature made Tue 16 Feb 2016 10:02:43 PM UTC gpg: using DSA key F48CA81B69A85873 gpg: key F48CA81B69A85873: new key but contains no user ID - skipped gpg: Total number processed: 1 gpg: w/o user IDs: 1 gpg: Can't check signature: No public key I also found https://github.com/facchinm/avrdude/releases but nothing there is signed. What should I do now? It's important for me to build from source and I'd much prefer it to be signed.
