Hi Edmund, GPG is telling you that it does not know whether the signature is legit or not (that is: whether TrueCrypt authors really made it). The message "Good signature from TrueCrypt ..." does not mean anything in practice, because everyone can create a keypair, label it with whatever name/email they want, and sign whatever file they want.
To make that warning go away, you should tell GPG that you trust TrueCypt's public key, but this is a complicated matter. If you want to have some degree of certainty that the signature is legit, make sure you downloaded it through HTTPS. This will ensure (up to a certain point) that the signature has not been compromised by a man-in-the-middle attack. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam