Successful experiment boosting the number of users using OpenPGP verification for file download
Heinz Diehl
htd at fritha.org
Thu Aug 1 16:33:11 CEST 2013
On 31.07.2013, adrelanos wrote:
> Downloading a signature doesn't imply, the user
> successfully managed to use OpenPGP verification or that the user
> couldn't be tricked or just ignored an invalid signature error message.
And therefore, these numbers are without meaning.
While there is evidence that reminders can have a slight impact on
quality improvement, it would be a lot more effective to explain to
the downloader what could happen if he/she does NOT check the
signature before using the downloaded software (*). This should come with
an easy instruction how to do that.
I'm quite shure that would boost the number of downloaders who
actually check the signature.
(*) This has been used i a variety of different quality improvement
strategies, with moderate to great effect (e.g. the health belief
model, social marketing..).
More information about the Gnupg-users
mailing list