Recently when downloading and verifying the Tails 2.10 iso file, I kept getting the messege: "Valid signature, but untrusted". Tried three times, using Firefox Tails Download and Verify, via Torrent and using the PGP method. In all cases the same verification messege. Finally downloaded via command line, including verification and got this...
" computer@computer ~ $ gpg --keyid-format 0xlong --verify tails-i386-2.10.iso.sig tails-i386-2.10.iso gpg: Signature made Mon 23 Jan 2017 09:41:51 PM CST gpg: using RSA key 0x98FEC6BC752A3DB6 gpg: Good signature from "Tails developers (offline long-term identity key) <[email protected]>" gpg: aka "Tails developers <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F Subkey fingerprint: BA2C 222F 44AC 00ED 9899 3893 98FE C6BC 752A 3DB6 Now the signature did verify through the trust network, but it remains that this key is a "good signature....but not trusted". What gives? Can I trust my download?
_______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
