Home | News | Download | Packages | Forum | Wiki | Github

[Solved] Digital signature ok?


#1

Dear Void community

Update: I have googled for the warning message below and come to the conclusion this is a common message and nothing to be worried about. Problem solved :grinning:

When verifying the digital signature of sha256sums.txt.sig according to the instructions on the “Download” section, I get the following message:

gpg: assuming signed data in 'sha256sums.txt’
gpg: Signature made Sun Oct 8 00:18:35 2017 CEST
gpg: using RSA key CF24B9C038097D8A44958E2C8DEBDA68B48282A4
gpg: Good signature from “Void Linux Image Signing Key images@voidlinux.eu” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CF24 B9C0 3809 7D8A 4495 8E2C 8DEB DA68 B482 82A4

The “Good signature from …” line is here, but I’m a bit uncertain about the “WARNING” line, because it is not mentioned in the instructions. Is that line something to worry about?
Many thanks!