2017-02-17 13:45 GMT+01:00 Ricardo Wurmus <rekado@elephly.net>:

Catonano <catonano@gmail.com> writes:

> $ ls
> Fedora-Workstation-25-1.3-x86_64-CHECKSUM
> Fedora-Workstation-Live-x86_64-25-1.3.iso
> guixsd-usb-install-0.12.0.x86_64-linux
> guixsd-usb-install-0.12.0.x86_64-linux.xz.sig

Looks like you’ve already unpacked the xz archive. It should work fine
before unpacking.

Right, sorry for the noise

So, this is it now

$ gpg --verify guixsd-usb-install-0.12.0.x86_64-linux.xz.sig
gpg: i dati sono probabilmente firmati in "guixsd-usb-install-0.12.0.x86_64-linux.xz"
gpg: Firma eseguita in data mer 21 dic 2016 13:46:39 CET usando RSA, ID chiave 235FACAC
gpg: lookup_hashtable failed: eof
gpg: Firma valida da "rekado <rekado@elephly.net>"
gpg: lookup_hashtable failed: eof
gpg: ATTENZIONE: questa chiave non è certificata con una firma fidata.
gpg: Non ci sono indicazioni che la firma appartenga al proprietario.
Impronta digitale chiave primaria: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC

There' s a warning

data probably signed in "guixsd-usb-install-0.12.0.x86_64-linux.xz"
...

this key is not certified with a trusted signature

There are no indications that the signature actually belongs to its owner

is this good enough ?