A short reference table for gpg verify errors on a WeTheNorth rotation.
BAD signature
Meaning. The file has been altered after signing, or was signed by a different key.
Action. Do not use the address inside. Report the message to the pinned Dread thread so other readers see the warning.
Can't check signature: No public key
Meaning. The operator key is not on your keyring yet.
Action. Import the operator key first (see the importing reading), then re-run gpg --verify.
Signature made ... by different key ID
Meaning. The message is signed by a key other than the operator.
Action. Do not import the mystery key. Do not use the address inside.
Signature made ... (expired)
Meaning. The signing key expired.
Action. Do not trust until the operator publishes a fresh signing key under the outgoing one. Wait for clarification.
WARNING: This key is not certified with a trusted signature
Meaning. You have not personally signed the operator key with your own key.
Action. Ignore. This is expected. What matters is the Good signature line above.
gpg: no valid OpenPGP data found
Meaning. The file you passed is not a valid PGP signed message. Usually because you copied only part of the envelope.
Action. Re-copy the whole envelope from -----BEGIN PGP SIGNED MESSAGE----- to -----END PGP SIGNATURE----- including headers and blank lines. Retry.