2017-02-17 13:45 GMT+01:00 Ricardo Wurmus : > > Catonano writes: > > > $ ls > > Fedora-Workstation-25-1.3-x86_64-CHECKSUM > > Fedora-Workstation-Live-x86_64-25-1.3.iso > > guixsd-usb-install-0.12.0.x86_64-linux > > guixsd-usb-install-0.12.0.x86_64-linux.xz.sig > > Looks like you’ve already unpacked the xz archive. It should work fine > before unpacking. > > Right, sorry for the noise So, this is it now $ gpg --verify guixsd-usb-install-0.12.0.x86_64-linux.xz.sig gpg: i dati sono probabilmente firmati in "guixsd-usb-install-0.12.0.x86_64-linux.xz" gpg: Firma eseguita in data mer 21 dic 2016 13:46:39 CET usando RSA, ID chiave 235FACAC gpg: lookup_hashtable failed: eof gpg: Firma valida da "rekado " gpg: lookup_hashtable failed: eof gpg: ATTENZIONE: questa chiave non è certificata con una firma fidata. gpg: Non ci sono indicazioni che la firma appartenga al proprietario. Impronta digitale chiave primaria: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC There' s a warning data probably signed in "guixsd-usb-install-0.12.0.x86_64-linux.xz" ... this key is not certified with a trusted signature There are no indications that the signature actually belongs to its owner is this good enough ?