Please note, I absolutely never use Microsoft anything, I do not use gpg4win, and I cannot check this myself. I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5 beta[1] with post-quantum encryption; everyone should use PQC *yesterday*.[2] Since the user does not yet have a bootstrap gpg, they cannot verify the PGP signature from Werner Koch’s dist signing key. The user wisely tried to verify package integrity with Microsoft code signing, and asked me what the expired cert error meant instead of ignoring it.
Good user! Do not ignore certificate validation errors! Complain loudly!
Always, [email protected] [0] https://gpg4win.org/package-integrity.html [1] https://gpg4win.org/version5.html [2] https://lists.gnupg.org/pipermail/gnupg-users/2025-January/067441.html -- A makeshift way to distribute my current PQ-PGP (LibrePGP v5) key: https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key Fingerprint: 01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
