Gnash

To understand the definition on trust here you have to understand how encryption keys work. I would read the terminology section on the email encryption documentation for more info.

Here is a hypothetical scenario. Lets say one day I get an email from someone and it says "Hey this is marioger from the Trisquel message boards. Here is my GPG public key (XYZ) so now we can send encrypted emails." At this point the key WILL work and we can send encrypted emails and I know the emails I get came from the private key corresponding to (XYZ). But I don't trust the key because all I have is someone who emailed me, sent me a key, and CLAIMS to be marioger. Now, lets say then we meet in person and you produce two forms of ID like a passport and driver's license (that say you are marioger) and then tell me my key is (XYZ). At this point I probably will trust that key (XYZ) does in fact belong to marioger.

Basically I could make an encryption key that says I am Barrack Obama or George Bush. You shouldn't trust that unless you verify it. There is another thing called the web of trust which is a little beyond this. But basically lets say I get an email with a key saying it is from Barrack Obama. However, if it is signed by a bunch of my friends or family who I KNOW are meticulous with their keysigning (they check identities) then I might trust the key. But that is beyond the scope of this little post. Lastly, this kind of trust is trust in identity. It is different then "Here hold my wallet" kind of trust.

So what it is saying is you are adding this PGP key from the PPA to your system but at the current point in time it is untrusted in the sense that you haven't verified where it came from.

The unsupported part is pretty obvious. It means because you are using external software sources Trisquel won't support it.

To understand the definition on trust here you have to understand how
encryption keys work. I would read the terminology section on the
[https://trisquel.info/en/wiki/email-encryption email encryption
documentation] for more info.

Here is a hypothetical scenario. Lets say one day I get an email from
someone and it says "Hey this is marioger from the Trisquel message boards.
Here is my GPG public key (XYZ) so now we can send encrypted emails." At
this point the key WILL work and we can send encrypted emails and I know the
emails I get came from the private key corresponding to (XYZ). But I don't
trust the key because all I have is someone who emailed me, sent me a key,
and CLAIMS to be marioger. Now, lets say then we meet in person and you
produce two forms of ID like a passport and driver's license (that say you
are marioger) and then tell me my key is (XYZ). At this point I probably
will trust that key (XYZ) does in fact belong to marioger.

Basically I could make an encryption key that says I am Barrack Obama or
George Bush. You shouldn't trust that unless you verify it. And this kind
of trust is trust in identity. It is different then "Here hold my wallet"
kind of trust.

So what it is saying is you are adding this PGP key from the PPA to your
system but at the current point in time it is untrusted in the sense that you
haven't verified where it came from.