Matthew Miller wrote:
> GPG's concept of trust is ... well-meaning, but not user friendly. You can
> trust the key you just imported because you just downloaded it from the
> official Fedora website via https. GPG, however, does not know that. So, it
> gives this error. You can use the `gpg --edit-
On Thu, 11 Feb 2021 at 15:31, Matthew Miller
wrote:
> On Thu, Feb 11, 2021 at 08:52:51AM -0800, Jonathan Ryshpan wrote:
> > The verification fails with this message:
> > $ gpg --verify-files *-CHECKSUM
> > gpg: Signature made Fri 23 Oct 2020 08:09:07 AM PDT
> > gpg:using RSA key
>
On Thu, Feb 11, 2021 at 08:52:51AM -0800, Jonathan Ryshpan wrote:
> The verification fails with this message:
> $ gpg --verify-files *-CHECKSUM
> gpg: Signature made Fri 23 Oct 2020 08:09:07 AM PDT
> gpg: using RSA key
> 963A2BEB02009608FE67EA4249FD77499570FF31
> gpg: Good signature
On Thu, 11 Feb 2021 at 12:54, Jonathan Ryshpan wrote:
> I have downloaded the Fedora-33 KDE spin and am attempting to verify it.
> Following the instructions (appended below for convenience) I have:
>
>- Imported the keys using curl (where do they go?) and
>- Verified the CHECKSUM file us
I have downloaded the Fedora-33 KDE spin and am attempting to verify
it. Following the instructions (appended below for convenience) I
have:
* Imported the keys using curl (where do they go?) and
* Verified the CHECKSUM file using gpg
The verification fails with this message:
$ gpg --verify-fil
