Conversation:
Notices
-
How to make sure the #Enigmail file you downloaded is the real deal: 1) Download the file and its ‘Open PGP’ signature: http://status.hackerposse.com/url/7025 2) Learn that you must download the key the packages have been signed with: http://status.hackerposse.com/url/7026 3a) Download gpg-curl and configure gpg to download keys securely, as described in http://status.hackerposse…
- Joshua Judson Rosen likes this.
-
@rien You could post the OpenPGP fingerprint of the key which should sign the packages here as a third party reference ;)
-
For 3b) you're relying on the broken Certificate Authority system of PKI; you're "trusting" that your browser or OS is using only authentic certificates from Certificate Authorities that haven't abused the system to issue false certificates. Fortunately, once you've downloaded the !GnuPG key for Enigmail you can see whether it is trusted by following the Web of Trust. If you've sig…
-
Ack. s/who's/whose/ — I hate that particular #grammo (cf. !ytpo)