On Thu, 22 Aug 2024 14:01, Björn Persson said:

> next version of GPG that way. To anyone who doesn't already have GPG,
> HTTPS is the best integrity protection they will get.

Not really.  This does not protect the files on the server.  Only the
.sig and the checksums posted to several places can give you assurance
that the tarball or binary has been produced at a place the
developer/maintainer has under some control.



Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

Attachment: openpgp-digital-signature.asc
Description: PGP signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to