new user anxiety

Michael Talbot-Wilson mtw at
Mon Apr 16 06:12:01 CEST 2012

Found nothing in the FAQ on this.

I thought I'd start using gnupg, got the latest version and went

gpg --verify gnupg-2.0.19.tar.bz2.sig gnupg-2.0.19.tar.bz2


gpg: Signature made Tue 27 Mar 2012 19:33:35 CST using RSA key ID
gpg: Good signature from "Werner Koch (dist sig)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
Primary key fingerprint: D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25

Just wondering who is masquerading as a guy named Werner Koch and
necessarily using an untrusted key.  Maybe my named has been got at
and I'm not getting gnupg-2.0.19.tar.bz2 from where I think, right?
What is the IP address of the genuine site, can anyone tell me?

Hum.  Found the same re the character who supposedly signed GNU Hello,
one Karl Something-or-other.  Same problem, someone faking his
identity...?  (Assuming he exists, of course.)  Is this normal?  Why
the capitalized WARNING if it's normal? What's going on?  A newbie'd
like to know.

More information about the Gnupg-users mailing list