Signature debian CDs
I downloaded the netinst CD image for the installation of debian. I
have an Ubuntu computer where I checked the md5sum and the sha1sum. I
also tried to check the signature doing the following:
gpg --keyserver keyring.debian.org --recv-keys 6294BE9B
gpg --verify MD5SUMS.sign MD5SUMS
Is this the right procedure?
I get a warning:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
How does gpg check the authenticity of keyring.debian.org? Does it
check it through a master keyserver?