
Best way is to spread your key fingerprint around imo.

If you only use one site as the source of trust, it's a single point of failure. Even if it's GitHub.

I have to do that myself, still figuring things out around PGP keys

agree, and some of them are quite hard to search, e.g. Mullvad VPN, I couldn't find it in other places besides their site, madness.

updated
github ☑️ https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6


I don't see a key fingerprint there 👀


MullvadVPN-2023.6.pkg.asc

👀

why are the devs making things too tricky, is it really meant for people to verify, or just trust?

I have to do that myself, still figuring things out around PGP keys

same, I'm verifying all the software that I use, good thing is I don't use many.


That's a signature, not a key fingerprint 👀

do I have to revoke this message using a new signed message 👀👀👀


then I couldn't find it other than their site - how is that possible, given how many people are using their tools. 😂

Once you’ve observed enough matching fingerprints from enough independent sources in enough different ways that you feel confident that you have the genuine fingerprint, keep it in a safe place.
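The cross-checking the thread describes (compare the fingerprint of the key you imported against what several independent sources publish) can be sketched as follows. This is an added example, not code from any poster or project in the thread; the fingerprint value, source names, function names and the `min_sources` threshold are all constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample data: placeholder fingerprint and source names,
# not any real project's key.
OBSERVATIONS = [
    ("project-website", "A1B2 C3D4 E5F6 0718 293A  4B5C 6D7E 8F90 A1B2 C3D4"),
    ("github-release-notes", "0xa1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4"),
    ("keyserver", "A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4"),
    ("project-website", "A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4"),  # repeat source
]

def normalize(fp):
    """Return the fingerprint as bare uppercase hex, or None if it is not one."""
    hexonly = re.sub(r"[\s:]", "", fp).upper()
    if hexonly.startswith("0X"):
        hexonly = hexonly[2:]
    # 40 hex digits = v4 (SHA-1) fingerprint; 64 = SHA-256 fingerprint of
    # newer key versions. Short 8/16-digit key IDs are rejected on purpose.
    if re.fullmatch(r"[0-9A-F]{40}|[0-9A-F]{64}", hexonly):
        return hexonly
    return None

def check_fingerprint(candidate, observations, min_sources=3):
    """Compare the imported key's fingerprint with what each source published.
    Returns (verdict, agreeing_sources, conflicting_sources)."""
    cand = normalize(candidate)
    if cand is None:
        return ("invalid", set(), set())
    seen = defaultdict(set)  # source name -> set of fingerprints seen there
    for source, fp in observations:
        n = normalize(fp)
        if n:  # unparseable observations are ignored, not counted as a match
            seen[source].add(n)
    agree = {s for s, fps in seen.items() if fps == {cand}}
    conflict = {s for s, fps in seen.items() if fps != {cand}}
    if conflict:
        return ("mismatch", agree, conflict)  # any disagreement is a stop sign
    if len(agree) < min_sources:
        return ("insufficient", agree, conflict)
    return ("ok", agree, conflict)
```

A source only counts once however many times it repeats the fingerprint, and whether two sources are really independent (different hosts, different channels) is a judgement the code cannot make for you.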