I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
signatures received the following output:
[user@rubbish ~]$ gpg -v --verify
gpg: armor header: Version: GnuPG v2
gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
gpg: using PGP trust model
gpg: Good signature from "Qubes OS Release 3 Signing Key"
gpg: binary signature, digest algorithm SHA256
[user@rubbish ~]$ gpg --list-sig 03FA5082
pub   4096R/03FA5082 2014-11-19
uid                  Qubes OS Release 3 Signing Key
sig          36879494 2014-11-19  Qubes Master Signing Key
sig 3        E2986940 2016-01-04  [User ID not found]
sig 3        03FA5082 2014-11-19  Qubes OS Release 3 Signing Key

As you can see signature E2986940 is unknown. I imported this key, it
belongs to "Kabine Diane <kabi...@me.com>"
This seems very suspicious. Should I delete the iso and try a fresh

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to