Hi I'm new in security aspects and I'm trying to download an Apache tool named Axis2 for web services.
My problem is that when I click the download link a page saying this site it's not secure and then a few options are given to me, the one that says take me out and another that says I now what I'm doing, my question is that how a big site like Apache.org have this kinds of insecure download links?? and what should I do in this case should I download the file or I shouldn't.
$ gpg axis2-1.6.3-bin.zip.asc
gpg: assuming signed data in `axis2-1.6.3-bin.zip'
gpg: Signature made Sat 27 Jun 2015 07:08:05 PM EDT using RSA key ID EE08B906
gpg: Good signature from "Andreas Veithen (CODE SIGNING KEY) <email@example.com>"
gpg: aka "Andreas Veithen <firstname.lastname@example.org>"
gpg: aka "Andreas Veithen (CODE SIGNING KEY) <email@example.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2D3C 43AC 36E5 BCFC 9696 F996 CE13 E82A EE08 B906