understanding the output in Solus' three-part .iso verification

brent

soon I will be installing a fresh budge bare metal on an SSD. I downloaded from Solus the Budgie ISO.
I went through Solus's 3 part verification: Steps 1 and 3 successful. Step 2 I am unsure.

2) gpg --verify <Signed File>.sign <File>.sha256sum
gpg --verify Solus-4.3-Budgie.iso.sha256sum.sign Solus-4.3-Budgie.iso.sha256sum
gpg: Signature made Sun 11 Jul 2021 05:27:32 AM MST
gpg: using RSA key 96B4A0291094A86A2B7E3367DD672FE9A2BE5892
gpg: Good signature from "Joshua Strobl (Personal) joshua@stroblindustries.com" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 96B4 A029 1094 A86A 2B7E 3367 DD67 2FE9 A2BE 5892
que paso?^^^^

Question: my hunch this is some tiny glitch because Josh is gone/chain of custody thing? Is .iso kosher/not kosher?

moving from HDD to SSD soon, just want me ducks in a row. Thank you. If this was covered recently forgive me if I missed it.

Harvey

This is how it has always been and is perfectly fine. The only line that matters from step 2 is:

gpg: Good signature

brent

Harvey thanks Harvey its been a long time since I verified. Kosher it is. I move forward then. Was going to ask you to mark Solved but yer on it!