我正在关注https://ubuntu.com/tutorials/how-to-verify-ubuntu#1-overview下载 Ubuntu ISO 文件。我运行gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS
并得到以下结果
gpg: Signature made Thu Feb 23 19:06:28 2023 CET
gpg: using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
我该如何解读上述内容?ISO 文件是否干净且值得信赖?
我在 Microsoft WSL2 下运行代码。
ISO 文件是http://releases.ubuntu.com/jammy/ubuntu-22.04.2-桌面-amd64.iso