I downloaded the ISO again today and this is what appears in the terminal at the end of the verification process:
Code: Select all
markov@host /home/ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: public key "Linux Mint ISO Signing Key <root@linuxmint.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
markov@host /home/ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Thu 29 Jun 2017 06:13:16 PM CEST using RSA key ID A25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
markov@host /home/ISO $
What does that mean?
On the other hand, how do I check whether my current system is safe?
I thought that if this ISO is authentic, and all of the other ISOs installed in the last few days are, maybe no one altered it.