How can I verify the release archive? about easy-rsa HOT 4 CLOSED

I have the same issue.

from easy-rsa.

The release for 2.2.2 was signed with key ID 390D0D0E. Non-beta releases will continue to use this key. We will clarify this once the 3.x series has an official release.

ecrist@terrance:/easy-rsa-> fetch https://github.com/OpenVPN/easy-rsa/releases/download/2.2.2/EasyRSA-2.2.2.tgz
EasyRSA-2.2.2.tgz 100% of 10 kB 30 MBps 00m00s
ecrist@terrance:/easy-rsa-> fetch https://github.com/OpenVPN/easy-rsa/releases/download/2.2.2/EasyRSA-2.2.2.tgz.sig
EasyRSA-2.2.2.tgz.sig 100% of 287 B 1686 kBps 00m00s
ecrist@terrance:~/easy-rsa-> gpg --verify EasyRSA-2.2.2.tgz.sig
gpg: Signature made Sun Nov 10 22:43:56 2013 EST using RSA key ID 390D0D0E
gpg: Good signature from "Eric F Crist [email protected]"
gpg: aka "Eric F Crist [email protected]"
gpg: aka "[jpeg image of size 78808]"
gpg: aka "Eric Crist [email protected]"

from easy-rsa.

EasyRSA 3.x is now release, where could we find the information about how verifying the archive signature?
Especially how to avoid the warning:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

from easy-rsa.

Go to the release page and you can see signature information there. The warning you are seeing is a simple GPG warning. To get rid of that you need to add and trust the signature used to sign the releases.

from easy-rsa.