Roundcube Community Forum
News and Announcements => General Discussion => Topic started by: rokj on December 28, 2020, 05:55:57 AM
-
Hi,
I tried importing, verifying gpg key and got ... is this ok?
gpg --verify roundcubemail-1.4.10-complete.tar.gz.asc roundcubemail-1.4.10-complete.tar.gz
gpg: Signature made ned 27 dec 2020 22:58:11 CET
gpg: using RSA key 8970E37A698AF775D87D590DC2946A9609CD56B4
gpg: issuer "devs@roundcube.net"
gpg: Good signature from "Roundcube Developers <devs@roundcube.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F3E4 C04B B3DB 5D42 15C4 5F7F 5AB2 BAA1 41C4 F7D5
Subkey fingerprint: 8970 E37A 698A F775 D87D 590D C294 6A96 09CD 56B4
-
The primary key fingerprint appears correct and the signature has verified so I think it is ok.
You can read more about the trusted signature warning here https://security.stackexchange.com/questions/147447/gpg-why-is-my-trusted-key-not-certified-with-a-trusted-signature