On Thu, 2017-07-27 at 14:41 -0400, Todd Zullinger wrote: > The warning here is telling you that gpg can't say with any certainty > that the key which made the good signature is a key you trust, because > the fedora key isn't signed by you or someone you have told gpg you > trust. > > This warning is, IMO, something which is completely reasonable to > ignore in this particular case. (It is an entirely valid warning and > in many other cases where you'd be verifying a gpg signature it would > be important inoformation that should affect your trust of a > signature.) > > Your trust in the fedora gpg key is intended to come from the fact > that you've downloaded it via https directly from the fedora site (as > opposed to getting it from a keyserver or a mirror). All trust starts > somewhere, after all. :) > > Hope that helps,
Thanks very much for this very helpful reply. jon _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
