Hi,
Jonathan Ryshpan wrote:
While verifying my download of Fedora-34, I encounter this message: $ gpg --verify-files *-CHECKSUM gpg: Signature made Fri 23 Apr 2021 12:36:44 PM PDT gpg: using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39 gpg: Good signature from "Fedora (34) fedora-34-primary@fedoraproject.org" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 8C5B A699 0BDB 26E1 9F2A 1A80 1161 AE69 4571 9A39 I surmise this means that my computer's list of trusted signatures needs to be brought up to date (actually it may not even exist). How can this be done? A link to info would suffice.
There's nothing wrong with that output. The warning is simply telling you that the Fedora key isn't signed by a key you've marked as trusted.
As an aside, we (the royal we, as in folks in the Fedora community who maintain the website) should change the verification step to recommend gpgv rather than the gpg command. It would require making the fedora.gpg a de-armored file, but then it the instructions would be simpler.