I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
signatures received the following output:
[user@rubbish ~]$ gpg -v --verify
gpg: armor header: Version: GnuPG v2
gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
gpg: using PGP trust model
gpg: Good signature from "Qubes OS Release 3 Signing Key"
gpg: binary signature, digest algorithm SHA256
[user@rubbish ~]$ gpg --list-sig 03FA5082
pub 4096R/03FA5082 2014-11-19
uid Qubes OS Release 3 Signing Key
sig 36879494 2014-11-19 Qubes Master Signing Key
sig 3 E2986940 2016-01-04 [User ID not found]
sig 3 03FA5082 2014-11-19 Qubes OS Release 3 Signing Key
As you can see signature E2986940 is unknown. I imported this key, it
belongs to "Kabine Diane <kabi...@me.com>"
This seems very suspicious. Should I delete the iso and try a fresh
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.