-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 25/07/18 04:31, john doe wrote: > Also verifying signature using gnupg and checksum is a must > (sha512). Such verification is suspect, anyone can create gpg keys for anyone (so trust in the keys used is essential, but more difficult to attain) and if you download "supporting" files from a site, then the checksums and signatures can verify perfectly well ..... but the product is still suspect. Cheers A. -----BEGIN PGP SIGNATURE----- iF4EAREIAAYFAltYDTgACgkQqBZry7fv4vt0VgEA1Cx87E2K9PHmEULOTERoFUUb zZiLtUyhoGJBT43DTWkA/jAmGWRc+NxWZ16bRDmWYkwWdy1ArYQbZedfQI75d43+ =9all -----END PGP SIGNATURE-----