On Jul 26, 2013, at 4:02 PM, "Jan" <takethe...@gmx.de> wrote:
Still I wonder whether there are many sources for SHA1 sums of gpg4win, that could be used by a windows user to test the integrity of his download (C't ?). Are the SHA1 sums of gpg4win presented on the download site checked regularly by their authors?
If we believe Edward Snowden, the Security Services likely aren't working to slip secret code into GPG anymore. Or at least it's not a huge effort. With the endpoints (operating systems, software, etc) they don't have to. There are a million different ways that a security service could get at your data even if your encryption software is absolutely perfect an unvompromised. Honestly, I'd worry much more about the surround environment than the gpg code itself. That's not to say ignore the code and it's integrity, but don't fall into the trap of believing that, just because the badges check out, you're completely safe.
Best Regards, Anthony Papillion _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
