Hey! I think you will find an already answered thread on this mailing list ;)
https://mailman.boum.org/pipermail/tails-support/2017-January/001057.html If signature is good, it's good... :) Have fun with. Socman : > Recently when downloading and verifying the Tails 2.10 iso file, I > kept getting the messege: "Valid signature, but untrusted". Tried > three times, using Firefox Tails Download and Verify, via Torrent and > using the PGP method. In all cases the same verification messege. > Finally downloaded via command line, including verification and got > this... > > " computer@computer ~ $ gpg --keyid-format 0xlong --verify > tails-i386-2.10.iso.sig tails-i386-2.10.iso > gpg: Signature made Mon 23 Jan 2017 09:41:51 PM CST > gpg: using RSA key 0x98FEC6BC752A3DB6 > gpg: Good signature from "Tails developers (offline long-term identity key) > <[email protected]>" > gpg: aka "Tails developers <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F > Subkey fingerprint: BA2C 222F 44AC 00ED 9899 3893 98FE C6BC 752A 3DB6 > > Now the signature did verify through the trust network, but it remains that > this key is a "good signature....but not trusted". > > What gives? Can I trust my download? -- Petrusko C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
