Untrusted public key signature
Popular easy-to-use and secure password manager
Brought to you by:
ronys
I'm pretty sure I've seen this before but I just want to verify that it's the "correct" result:
$ gpg --verify pwsafe-0.95BETA-src.tgz.sig pwsafe-0.95BETA-src.tgz gpg: Signature made Mon 29 Dec 2014 12:08:42 AM EST using RSA key ID 5CCF8BB3 gpg: Good signature from "Rony Shapiro (PasswordSafe Signing Key) <ronys@users.sourceforge.net>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A703 C132 8EAB C7B2 0175 3BA3 9194 6451 5CCF 8BB3 $
It's fine.
The warning means that none of the key signers are in you trusted keys database.
You can verify the signature directly by searching PGP directories and/or looking at http://pwsafe.org/contact.shtml