Could someone ok what I have done as I'm a bit worried about this!

1 I've changed the permissions on home/username/.gnupg to 'Forbidden' for 'Group' and 'Others' because of that security warning in the post above.
This is very worrying as i cloned the git, then received that warning when trying to verify it. Did it set itself up incorrectly?

Anyway, I pressed on and

2 Reinstalled Git with "git checkout v0.96.1" which worked and I got back "HEAD is now at a3492eld.... bump version"

3 Imported Goatpigs PGP key with:
gpg --import file.txt



4 When I run:

5 gpg --recv-keys --keyserver keyserver.ubuntu.com 4922589A

6 I get :

gpg: key xxxx1176492xxxxx: "goatpig (Offline signing key for Armory releases) <moothecowlord@gmail.com>" 4 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:         new signatures: 4


continuing anyway, I run
cd /bitcoinarmory

then
$ git tag -v v0.96.1

and I get
object xxxxx1d30ca7256xxxxxxxxx97b9d5bc539c1e
type commit
tag v0.96.1
tagger goatpig <mootxxxxxord@gmail.com> 1501092062 +0200

v0.96.1
gpg: Signature made Wed 26 Jul 2017 19:01:02 BST
gpg:                using RSA key 8C5211764922589A
gpg: Good signature from "goatpig (Offline signing key for Armory releases) <moothecowlord@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: xxxx 707F xxxx 968B DF63  xxxx 8C52 1176 xxxx xxxx


I added xxx's to hide any potentially sensitive stuff


Does anyone know where I am going wrong?