Yes, this sounds scary but it is expected.
With GPG you can assign a
level of trust to keys. If there’s a signature on my key from a key
that you have marked as trusted (e.g. Ludo’s signature, and you mark
Ludo’s key as trustworthy), then the warning would change or disappear.
The warning just indicates that there is no “trust path” to my key.
If this were a forged signature you would see a scarier validation
error, not just a warning.