Dear Void community
Update: I have googled for the warning message below and come to the conclusion this is a common message and nothing to be worried about. Problem solved
When verifying the digital signature of sha256sums.txt.sig according to the instructions on the “Download” section, I get the following message:
gpg: assuming signed data in 'sha256sums.txt’
gpg: Signature made Sun Oct 8 00:18:35 2017 CEST
gpg: using RSA key CF24B9C038097D8A44958E2C8DEBDA68B48282A4
gpg: Good signature from “Void Linux Image Signing Key firstname.lastname@example.org” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CF24 B9C0 3809 7D8A 4495 8E2C 8DEB DA68 B482 82A4
The “Good signature from …” line is here, but I’m a bit uncertain about the “WARNING” line, because it is not mentioned in the instructions. Is that line something to worry about?