> On 2016-09-16 04:41, amadaus wrote:
>> I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
>> signatures received the following output:
>> [user@rubbish ~]$ gpg -v --verify
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
>> gpg: armor header: Version: GnuPG v2
>> gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
>> 03FA5082
>> gpg: using PGP trust model
>> gpg: Good signature from "Qubes OS Release 3 Signing Key"
>> gpg: binary signature, digest algorithm SHA256
>> [user@rubbish ~]$ gpg --list-sig 03FA5082
>> pub 4096R/03FA5082 2014-11-19
>> uid Qubes OS Release 3 Signing Key
>> sig 36879494 2014-11-19 Qubes Master Signing Key
>> sig 3 E2986940 2016-01-04 [User ID not found]
>> sig 3 03FA5082 2014-11-19 Qubes OS Release 3 Signing Key
>
>> As you can see signature E2986940 is unknown. I imported this key, it
>> belongs to "Kabine Diane <
kab...@me.com>"
>> This seems very suspicious. Should I delete the iso and try a fresh
>> download?
>
>
> Answered previously here:
>
>
https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ
>
Sorry to waste your time. I should've researched the issue more