On Thu, 22 Aug 2024 14:01, Björn Persson said: > next version of GPG that way. To anyone who doesn't already have GPG, > HTTPS is the best integrity protection they will get.
Not really. This does not protect the files on the server. Only the .sig and the checksums posted to several places can give you assurance that the tarball or binary has been produced at a place the developer/maintainer has under some control. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
