On 2/26/2019 at 3:28 PM, "Stefan Claas" <s...@300baud.de> wrote:And maybe another FOSS point? How about issuing Warrant Canaries?
I have seen that VeraCrypt does this. ===== Yes. The latest one is here: https://www.idrix.fr/VeraCrypt/canary.txt Interesting, but it still boils down to *trust*. I would trust WK and the GnuPG team even if they didn't *sign* a Warrant Canary (i / we all, sort-of trust the verification of the new GnuPG releases, with his sig), And if we *don't trust*, then signing a Warrant Canary with the same signing key as the GnuPG release, wouldn't help ;-) vedaal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users