It seems the underliying problem here is that one should better enter the command echo “B74EA2162376765BEAC3AE4345F4C354638D1F29:6:” | gpg --import-ownertrust
after importing the key to mark the signature owner as a trusted source.
The gpg --verify command works more or less without this, but apparently KDE ISO Image Writer takes that warning too seriously, and even misinterprets it, which can be regarded as a bug.
1 Like