I have downloaded Qubes R3.2-rc3 iso and in the course of verifying signatures received the following output:

[user@rubbish ~]$ gpg -v --verify '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc' '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
gpg: armor header: Version: GnuPG v2
gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID 03FA5082
gpg: using PGP trust model
gpg: Good signature from "Qubes OS Release 3 Signing Key"
gpg: binary signature, digest algorithm SHA256
[user@rubbish ~]$ gpg --list-sig 03FA5082
pub 4096R/03FA5082 2014-11-19
uid Qubes OS Release 3 Signing Key
sig 36879494 2014-11-19 Qubes Master Signing Key
sig 3 E2986940 2016-01-04 [User ID not found]
sig 3 03FA5082 2014-11-19 Qubes OS Release 3 Signing Key

As you can see signature E2986940 is unknown. I imported this key, it belongs to "Kabine Diane <kabi...@me.com>"

This seems very suspicious. Should I delete the iso and try a fresh download?