Successful experiment boosting the number of users using OpenPGP verification for file download

Heinz Diehl htd at
Thu Aug 1 16:33:11 CEST 2013

On 31.07.2013, adrelanos wrote: 

> Downloading a signature doesn't imply the user
> successfully managed to use OpenPGP verification or that the user
> couldn't be tricked or just ignored an invalid signature error message.

And therefore, these numbers are without meaning.

While there is evidence that reminders can have a slight impact on
quality improvement, it would be a lot more effective to explain to
the downloader what could happen if he/she does NOT check the
signature before using the downloaded software (*). This should come with
an easy instruction on how to do that.

I'm quite sure that would boost the number of downloaders who
actually check the signature.

(*) This has been used in a variety of different quality improvement
strategies, with moderate to great effect (e.g. the health belief
model, social marketing ...).
