Downloading ISO and verifying signature not giving result shown in instructions
Instructions for verifying an ISO manually through OpenPGP in Tails say this:
After the verification finishes, you should see a notification that the signature is good:
tails-amd64-3.3.iso: Good Signature
Signed by on ...
When doing it exactly as described by the instructions, I get this output:
tails-amd64-3.8.iso: Untrusted Valid Signature
Valid but untrusted signature by on ...
So, someone doing the verification as described by the instructions has to assume that the ISO is in some way malicious since it does have an untrusted signature.
Is the documentation wrong, or is there a problem with the ISO?
#1 Updated by mercedes508 about 1 year ago
- Status changed from New to Confirmed
- Assignee set to sajolida
- Priority changed from High to Normal
- Type of work changed from Research to End-user documentation
Effectively, unless you already marked the Tails signing key as trusted, it might be confusing for users not so used to GPG...
The corresponding you be updated accordingly I guess.
We often receive requests from users about this problem.
They are not good at gpg and I think the install pages https://tails.boum.org/install/*/usb-download/index.en.html make it look like they have to do the gpg verification step (even if it says it is optional) and they get scared because that is not what they see. So, either we change the docs, or we make the key trusted on the ISO.
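
Added example (not part of the original ticket and not Tails code): the difference between the two notifications quoted above, expressed in terms of the status lines GnuPG emits with `--status-fd`. The signature check (GOODSIG/VALIDSIG) and the trust level of the key (TRUST_*) are reported separately, so the script accepts a file only when the signature is valid and the primary key fingerprint equals one obtained out of band. The fingerprints, sample lines and the mapping to the GUI wording are assumptions constructed for illustration.

```python
# Added example: classify the status lines printed by
#   gpg --status-fd 1 --verify tails-amd64-3.8.iso.sig tails-amd64-3.8.iso
# Every fingerprint and sample line below is constructed for illustration.
EXPECTED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # placeholder, not a real key
SUBKEY_FPR = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"    # placeholder signing subkey

REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}

def classify(status_text, expected_fpr):
    """Map the status output of one verification to a verdict string."""
    expected = expected_fpr.replace(" ", "").upper()
    keywords, primary_fpr = set(), None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keywords.add(fields[1])
        if fields[1] == "VALIDSIG":
            primary_fpr = fields[-1].upper()  # last field: primary key fingerprint
    if keywords & REJECT or "GOODSIG" not in keywords or primary_fpr is None:
        return "rejected"          # signature did not verify: do not use the file
    if primary_fpr != expected:
        return "valid-wrong-key"   # intact file, but signed by some other key
    if keywords & TRUSTED:
        return "good"              # assumed GUI wording: "Good Signature"
    return "valid-untrusted"       # assumed GUI wording: "Untrusted Valid Signature"

def sample(trust_line):
    """Build a constructed status transcript ending in the given TRUST_* line."""
    return "\n".join([
        "[GNUPG:] NEWSIG",
        "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signing Key <key@example.org>",
        f"[GNUPG:] VALIDSIG {SUBKEY_FPR} 2018-06-25 1529919512 0 4 0 1 10 00 {EXPECTED_FPR}",
        trust_line,
    ])

UNTRUSTED = sample("[GNUPG:] TRUST_UNDEFINED 0 pgp")   # key imported, never certified
CERTIFIED = sample("[GNUPG:] TRUST_ULTIMATE 0 pgp")    # key marked as trusted locally
TAMPERED = ("[GNUPG:] NEWSIG\n"
            "[GNUPG:] BADSIG 0123456789ABCDEF Example Signing Key <key@example.org>")

if __name__ == "__main__":
    for name, text in [("untrusted", UNTRUSTED), ("certified", CERTIFIED),
                       ("tampered", TAMPERED)]:
        print(name, "->", classify(text, EXPECTED_FPR))
```
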