Hello, On Mon, Jan 22, 2018 at 01:32:39PM -0500, Evan Rowley wrote: > gpg: Good signature from "Ludovic Courtès <[email protected]>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 > > The 2nd & 3rd to last lines seem somewhat concerning. This is the message I > recieve even after following the step to add the public key from the MIT > server.
this is expected, and it means that you did not assign any trust value to the key used for signing. To simplify things extremely, it means that the software was signed by the key "3CE4...", but that you do not know Ludovic Courtès, and in particular do not know that this key really belongs to the Ludovic Courtès person as it is claimed. So things are fine, no need to worry. Andreas
