Is this the correct response to verifying the signature? The warning is worrying…
$ gpg --verify “sqlcipher-for-android-community-v3.3.0.zip.sig” "sqlcipher-for-
gpg: Signature made 03/26/15 10:52:50 using RSA key ID 67FD0322
gpg: Good signature from "Zetetic LLC email@example.com"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D83F 5F9E B811 D6E6 B4A0 D9C5 D1FA 3A2A 97ED 25C2
Subkey fingerprint: A4EA 79E6 49E7 45B9 2117 A56F 0CB9 9EE2 67FD 0322