gnupg – What should I do next? WARNING: This key is not certified with a trusted signature. There is no indication that the signature belongs to the owner

I had recently downloaded a (very popular)file from the internet. I got the above warning while executing gpg verify. So, what should I do to get the right file to download? Should I notify the website owner/mamager? Or try downloading the file later?
This is what I had done:

  1. Downloaded three files(main file, *.asc and *.sha{By the way, is it better (than downloading directly) the *.asc and *.sha files, be created manually by reading the text published?})
  2. ran gpg verify command and it said key server not available
  3. ran gpg with keyserver( and recv-key((I suppose its the key’s fingeprint) from previous step) it said there is a new key with no userid so it has been skipped
  4. (Please inform me if this is wrong:) I took the new key(key’s fingeprint) and queried for it in another key server then it said that the new key has been imported(after few duplicates being deleted and reordered). Now it showed a guy’s email id.
  5. Repeated step 2. Then it showed the usual(rsa,name, emailid etc.) and the above warning(in the title)

Also I ran gpg –list –sigs and it didn’t show different names(i.e., to confirm that the user who signed is someone whom they had contacted/belongs to web of trust)(If I had understood the concept correctly!)