On Fri, 2021-06-25 at 22:25 -0400, Todd Zullinger wrote: > Jonathan Ryshpan wrote: > > While verifying my download of Fedora-34, I encounter this message: > > $ gpg --verify-files *-CHECKSUM > > gpg: Signature made Fri 23 Apr 2021 12:36:44 PM PDT > > gpg: using RSA key > > 8C5BA6990BDB26E19F2A1A801161AE6945719A39 > > gpg: Good signature from "Fedora (34) > > <fedora-34-prim...@fedoraproject.org>" [unknown] > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to > > the owner. > > Primary key fingerprint: 8C5B A699 0BDB 26E1 9F2A 1A80 1161 AE69 > > 4571 9A39 > > I surmise this means that my computer's list of trusted signatures > > needs to be brought up to date (actually it may not even exist). > > How > > can this be done? A link to info would suffice. > > There's nothing wrong with that output. The warning is > simply telling you that the Fedora key isn't signed by a key > you've marked as trusted. > > As an aside, we (the royal we, as in folks in the Fedora > community who maintain the website) should change the > verification step to recommend gpgv rather than the gpg > command. It would require making the fedora.gpg a > de-armored file, but then it the instructions would be > simpler.
Just as I thought. So... How do I mark a key as trusted? What precautions are needed to be sure that the key should actually be trusted? -- Thanks - Jonathan Ryshpan <jonr...@pacbell.net> Those who have put out the eyes of the people reproach them for their blindness. -- Milton
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
