Can't verify checksums gpg key during installation #6901

Closed
ArtemZ opened this issue Feb 7, 2025 · 1 comment
Labels
triage/duplicate Indicates an issue is a duplicate of other open issue.


ArtemZ commented Feb 7, 2025

Type of question

Security / installation

Question

What did you do?

Followed installation documentation at https://sdk.operatorframework.io/docs/installation/

Ran the following commands to verify checksums:

$ export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.39.1
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 052996E2A20B5C7E
gpg: key 052996E2A20B5C7E: public key "Operator SDK (release) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt
$ curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
$ gpg -u "Operator SDK (release) <[email protected]>" --verify checksums.txt.asc

What did you expect to see?

I expected to see no errors or warnings during checksum validation, as specified in the installation documentation.

What did you see instead? Under which circumstances?

$ gpg -u "Operator SDK (release) <[email protected]>" --verify checksums.txt.asc
gpg: assuming signed data in 'checksums.txt'
gpg: Signature made Tue 14 Jan 2025 12:01:39 PM EST
gpg:                using RSA key 8613DB87A5BA825EF3FD0EBE2A859D08BF9886DB
gpg: Good signature from "Operator SDK (release) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3B2F 1481 D146 2380 80B3  46BB 0529 96E2 A20B 5C7E
     Subkey fingerprint: 8613 DB87 A5BA 825E F3FD  0EBE 2A85 9D08 BF98 86DB

Environment

Operator type:
N/A

Kubernetes cluster type:

N/A

$ operator-sdk version

N/A

$ go version (if language is Go)

N/A

$ kubectl version

N/A

Additional context

No

@acornett21 acornett21 added the triage/duplicate Indicates an issue is a duplicate of other open issue. label Feb 7, 2025
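
The warning in the output above is gpg's trust-model verdict on the key and is separate from the "Good signature" result. One way to check the signature without relying on that verdict is to compare the primary key fingerprint in gpg's machine-readable status output against a pinned value. This is an added example, not part of the issue or the Operator SDK documentation; the function names are hypothetical, the sample status lines are constructed, and the pinned fingerprint is the one printed in the quoted gpg output, which should be confirmed through a trusted channel.

```shell
#!/bin/sh
# Added example (not from the issue or the project docs).
# Fingerprint copied from the gpg output quoted in the issue; confirm it
# through a channel you trust before pinning it.
EXPECTED_PRIMARY_FPR="3B2F1481D146238080B346BB052996E2A20B5C7E"

# check_status EXPECTED_FPR  (hypothetical helper)
# Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG line
# is present and its last field, the primary key fingerprint, equals
# EXPECTED_FPR. Any bad, expired or revoked signature status forces failure.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            seen = 1
            if (toupper($NF) != toupper(want)) bad = 1
        }
        END { if (seen && !bad) exit 0; exit 1 }
    '
}

# verify_release SIGFILE DATAFILE  (hypothetical helper)
# Usage: verify_release checksums.txt.asc checksums.txt
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$EXPECTED_PRIMARY_FPR"
}

# Constructed status lines modelled on the run quoted in the issue
# (timestamp and algorithm ids are illustrative).
sample_good() {
    cat <<'EOF'
[GNUPG:] GOODSIG 2A859D08BF9886DB Operator SDK (release)
[GNUPG:] VALIDSIG 8613DB87A5BA825EF3FD0EBE2A859D08BF9886DB 2025-01-14 1736874099 0 4 0 1 10 00 3B2F1481D146238080B346BB052996E2A20B5C7E
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Same shape, but signed by a different (constructed, all-zero) primary key:
# gpg would still report a good signature; the pin is what rejects it.
sample_other_key() {
    cat <<'EOF'
[GNUPG:] GOODSIG 0000000000000000 Operator SDK (release)
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2025-01-14 1736874099 0 4 0 1 10 00 0000000000000000000000000000000000000000
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}
```

The `TRUST_UNDEFINED` line is the status-output counterpart of the `[unknown]` marker and the warning in the human-readable output; `check_status` ignores it and decides on the fingerprint alone.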
@acornett21
Contributor
