[gnutls-help] gpg verify issue with 3.4.9

Mark Rager toastedmilk at gmail.com
Wed Mar 2 03:57:02 CET 2016

Please forgive me if I have made any egregious errors in my process, I was
unable to find an associated IRC channel for this project.  I recently
obtained 3.4.9 from gnutls.org and with the provided key was unable to
validate the authenticity of the download.

$ gpg --fetch-keyshttp://members.hellug.gr/nmav/pgpkeys.asc

gpg: keyring `/home/USER/.gnupg/secring.gpg' created
gpg: key 96865171: public key "Nikos Mavrogiannopoulos <nmav at gnutls.org>"
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

$ gpg --verify gnutls-3.4.9.tar.xz.sig gnutls-3.4.9.tar.xz

gpg: Signature made Wed 03 Feb 2016 02:23:48 AM CST using RSA key ID
gpg: Good signature from "Nikos Mavrogiannopoulos <nmav at gnutls.org>"
gpg:                 aka "Nikos Mavrogiannopoulos <
n.mavrogiannopoulos at gmail.com>"

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the

Primary key fingerprint: 1F42 4189 05D8 206A A754  CCDC 29EE 58B9 9686 5171
    Subkey fingerprint: A812 CBFD FCDC 4D0B E7A0  9312 9D5E AAF6 9013 B842

Have I missed something here, or is this a security vulnerability?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160301/788d4ecf/attachment-0001.html>

More information about the Gnutls-help mailing list