I just want to check if the ISO I’ve just downloaded passed the verification.
gpg and got this:
Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.) 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision? 4
Then I entered
gpg> save Key not changed so no update needed.
gpg --verify EndeavourOS_Atlantis_neo-21_5.iso.sig
gpg: Good signature from "EndeavourOS <firstname.lastname@example.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
The fingerprint from my terminal matches the fingerprint on the website.
So I’m cool?