Ineiev's comment raises another good point - this would be a good candidate for a GNU article if there is not one already
the point being that community building is itself a tool to this end - it can be recommended that rather than trusting implicitly in anything that your web browser shows you, one could invest some time investigating some side-channels such as IRC and mailing lists where they could become familiar first-hand with the developers and other users of their operating system; and perhaps verify the key fingerprints found on the web with other users, and adding them to their personal keyring before downloading anything
signature.asc
Description: This is a digitally signed message part