I tried verifying twice with direct download of fedora 32 workstation and once with torrent download(Fedora-Workstation-Live-x86_64-32). What can I do to fix this? Am I using the commands wrong? I just copy pasted them from here.
Hi @doraelixir, welcome to the Fedora community!
If you’ve not had a chance yet, please look at the #start-here category. It has some very useful information on using the forum and tips on Fedora usage.
All good. You see the line where it lists the iso that you verified? Behind it, it says: OK. That’s what you were looking for.
(The warning is about keys for 19 other isos you didn’t download but that are part of the CHECKSUM file.
Also, the gpg verify-files said “Good signature…” That tells you the tarball is consistent with the signature file. The warning tells you that gpg can’t assure you that the signature itself came from whoever you hoped it did. Well-run distros may serve the tarballs from a broad array of mirrors, but they keep the signature file under tighter control, so “Good signature…” is adequate for ordinary folks’ hobby purposes.