Add another possible reason for "WARNING: This key is not certified...

...with a trusted signature! There is no indication that the signature
belongs to the owner."

With this edit, I'm aiming to assist the beginner reader who walked the
following breadcrumbs:

Should I trust this website?
==> verify the PGP signatures on the commits and/or tags

Detailed steps suggested by the docs along these breadcrumbs:
1) `git clone git@github.com:QubesOS/qubesos.github.io.git`
2) Verify the PGP sigs on the commits and/or tags
  a) get properly validated GPG keys (available in the Qubes Security Pack)
    i.   `git clone https://github.com/QubesOS/qubes-secpack.git`
    ii.  `gpg --import qubes-secpack/keys/*/*`
    iii. Verify/trust the QMSK (details given on the page)
  b) `cd qubesos.github.io`
  c) `git verify-commit 45ca80e8` (one of Andrew's recent commits)

RESULT: The WARNING pops up, because the user has not yet ultimately PGP
  trusted Andrew's E11D 15C6 D204 3576 9FFA  A456 8CE1 3735 2A01 9A17
  key.
This commit is contained in:
Dave Smith 2021-07-18 01:19:48 -05:00
parent 649babd88c
commit b59cbe5420
No known key found for this signature in database
GPG Key ID: 9D496637D81484A6

@ -595,10 +595,13 @@ first.](#3-verify-your-qubes-iso))
### Why am I getting "WARNING: This key is not certified with a trusted
signature! There is no indication that the signature belongs to the owner."?
Either you don't have the [Qubes Master Signing
Key](#1-get-the-qubes-master-signing-key-and-verify-its-authenticity), or you
didn't [set its trust level
correctly](#1-get-the-qubes-master-signing-key-and-verify-its-authenticity).
Several possibilities:
* you don't have the [Qubes Master Signing
Key](#1-get-the-qubes-master-signing-key-and-verify-its-authenticity)
* you didn't [set its trust level
correctly](#1-get-the-qubes-master-signing-key-and-verify-its-authenticity)
* in the case of verifying a Git commit or tag, you haven't yet chosen to
place ultimate PGP trust in the individual signer's key
### Why am I getting "X signature not checked due to a missing key"?
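Review bot: The third bullet of the new list tells the reader to place ultimate PGP trust in an individual signer's key but, unlike the first two bullets, links to no section and gives no step for authenticating that key first. A beginner who reads it on its own could mark any imported key as ultimately trusted just to make the warning go away, which removes the value of the check. Suggest stating how the signer's key should be authenticated before trust is set (the commit message mentions the keys come from the Qubes Security Pack and that the QMSK is verified first; the bullet should say so or link to it), and confirming that ultimate trust, rather than a lower trust level or a signature on the key, is what the documentation intends to recommend here.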