On 26/07/13 17:31, Jan wrote:
> I'm thinking of someone how uses windows and wants to install gnupg for the
> first time. How can he/she rely on OpenPGP?
By running a Linux Live CD to do the verification. How does he know the CD is
genuine? The thing is, somewhere the trust has to start. It's a bo
Thanks for the answers.
If an attacker would modify the archive on
the gnupg.org server, he would also need to change
the independent archives like gmane etc. I pretty sure
this will be spotted relatively soon.
I did a google search for the subject of your email, in which you announced
the n
On Thu, 25 Jul 2013 21:33, takethe...@gmx.de said:
> Which mailing lists are meant? Can't emails be tempered, too? If I've
The GnuPG mailing list and all the mailing list archives. If an
attacker would modify the archive on the gnupg.org server, he would also
need to change the independent archi
Hi everybody,
on http://www.gnupg.org/download/integrity_check.en.html
SHA1 sums of gnupg software are published and it is said:
"To be sure that this page has not been tampered, you may want to
compare the list below with the one included in the announcement mail
posted to several mailing lis