Upgrade to Fedora-26 vs gpg download verification

Thu, 27 Jul 2017 09:51:35 -0700 

Upgrading from f25 to f26, I have just downloaded Fedora-KDE-Live-x86_64-26-
1.5.iso and am attempting to verify it according to the instructions on the
download website, which advise me to run:
    $ curl     https://getfedora.org/static/fedora.gpg     | gpg --import
    $ gpg --verify-files *-CHECKSUM

I find the output, which follows, somewhat suspicious; but I don't know what to 
make of it. Please excuse my extreme ignorance.
    $ curl     https://getfedora.org/static/fedora.gpg     | gpg --import
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  
Current
                                     Dload  Upload   Total   Spent    Left  
Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--    
 0gpg: key 81B46521: "Fedora (24) <    fedora-24-prim...@fedoraproject.org    
>" not changed
    100 18521  100 18521    0     0  13126      0  0:00:01  0:00:01 --:--:-- 
13135
    gpg: key 030D5AED: "Fedora Secondary (24) <    
fedora-24-second...@fedoraproject.org    >" not changed
    gpg: key FDB19C98: "Fedora 25 Primary (25) <    
fedora-25-prim...@fedoraproject.org    >" not changed
    gpg: key E372E838: "Fedora 25 Secondary (25) <    
fedora-25-second...@fedoraproject.org    >" not changed
    gpg: key 64DAB85D: "Fedora 26 Primary (26) <    
fedora-26-prim...@fedoraproject.org    >" not changed
    gpg: key 3B921D09: "Fedora 26 Secondary (26) <    
fedora-26-second...@fedoraproject.org    >" not changed
    gpg: key F5282EE4: "Fedora 27 (27) <    fedora...@fedoraproject.org    >" 
not changed
    gpg: key 0608B895: "EPEL (6) <    e...@fedoraproject.org    >" not changed
    gpg: key 352C64E5: "Fedora EPEL (7) <    e...@fedoraproject.org    >" not 
changed
    gpg: Total number processed: 9
    gpg:              unchanged: 9
    $ gpg --verify-files *-CHECKSUM
    gpg: Signature made Fri Jul  7 08:13:35 2017 PDT using RSA key ID 64DAB85D
    gpg: lookup_hashtable failed: eof
    gpg: Good signature from "Fedora 26 Primary (26) <    
fedora-26-prim...@fedoraproject.org    >"
    gpg: lookup_hashtable failed: eof
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the 
owner.
    Primary key fingerprint: E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D

Thanks - jon
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Reply via email to