GnuPG is telling you that you the signature is good, and does correspond to Ludovic's. The warning is showing that your GnuPG public keyring doesn't have any trust on that public key. That's OK. What we wanted is to get the "Good signature" message.
stry...@disintermedia.net.nz writes: > Following these instructions ... > https://www.gnu.org/software/guix/manual/guix.html#Binary-Installation > > I ran the commands for downloading the Guix binary and its .sig file > via FTP, and importing the required public key to very. I then ran: > gpg --verify guix-binary-0.13.0.system.tar.xz.sig > > The result was: >>> > gpg: Signature made Tue 23 May 2017 00:51:34 NZST using RSA key ID 3D9AEBB5 > gpg: Good signature from "Ludovic Courtès " > gpg: aka "Ludovic Courtès " > gpg: aka "Ludovic Courtès (Inria) " > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
