New mirror for WinPT + GnuPG installer
Wed Dec 4 03:04:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
Toxik - Fabian Rodriguez <Fabian.Rodriguez@Toxik.com> schrieb am 2002-12-03
> Just wanted to let you know that I have mirrored the latest files and
> information for the WinPT+GnuPG installer from G. Vasconcelos here:
> Thanks to Gustavo for the permission and for being very open to all
> comments and suggestions.
Thanks for your effort!
The need for an easy GPG installer on Windows is urgent (I can't teach my
father how to edit his computer's registry on the telephone ...).
But before downloading one of those 'made easy' packets I have some
questions (not only to you).
<http://www.gnupg.org/(en)/download/index.html> only provides binaries
without an installer. Is there a certain reason for this?
<http://www.winpt.org/download.html> offers a graphical installer but it is
quite outdated (installs GPG 1.06).
<http://areaii.ufpe.br/~tango/winpt.html> and <http://www.nullify.org/>
offer recent installers (GPG 1.2.1).
But those binaries where built by people I have never heard off.
By principle (please don't take it personal!):
How can I know that these versions are unchanged and don't install trojan
horses or other ugly stuff?
When it comes to software I trust in Werner Koch. At least I have a
trust-path to the key that signed the source archives.
I have no trust-path to you or Keith.
Actually I hardly have a trust-path to any developer whose software I
installed (not even to Apple Computers), but GPG is ... a bit more special.
At <http://www.gnupg.org/> I have not found a link to
<http://www.nullify.org/> or one of the other installer sites.
What do the GnuPG developers think about the other installers?
I don't want to suspect anyone of something bad.
These are rather general doubts I have about software distribution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.1 (Darwin)
-----END PGP SIGNATURE-----