Arch Linux

Tuxy

Member

Registered: 2015-04-26

Posts: 22

GPG Sig Warning

I get a warning when trying to verify iso sig. MD5 and SHA1 is correct. Any ideas ?

$ gpg --verify archlinux-2015.11.01-dual.iso.sig

gpg: assuming signed data in 'archlinux-2015.11.01-dual.iso'
gpg: Signature made Sun 01 Nov 2015 01:47:53 AM MST using RSA key ID 9741E8AC
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC

Last edited by Tuxy (2015-11-01 13:24:14)

---

--{ Using Arch Linux Since 2011-10-25 }--
Keybase @ https://keybase.io/tuxy
GitHub @ https://github.com/tuxy

WorMzy

Administrator

From: Scotland

Registered: 2010-06-16

Posts: 12,607

Website

Re: GPG Sig Warning

Presumably you haven't met Pierre and confirmed with him that 9741E8AC is really his key, and consequently marked it as trusted; therefore, all gpg can do is confirm that the file is signed by a key which claims to be owned by Pierre, and hasn't been altered since it was signed.

https://www.gnupg.org/gph/en/manual/x334.html

---

Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.