Sorry, since this is not new knowledge to me, I only skimmed the article and missed that bit.

Anyway, I think it's important to emphasize this as so many people just type the verification commands into their computer without thinking what they do and are happy when gpg gives them a thumbs up without understanding ways in which the supply chain may have been compromised.

0xIlmari

bitcoin

Learn How to Verify with Me ( with Baby Steps )

Natalia

yes, I mentioned this at the end

>Check different sources of the fingerprint to verify the signer's public key.
Good places to look are Github, Keybase, KeyServer, and different socials. Generally, the more sources showing the same key, the more trusted.