Successful experiment boosting the number of users using OpenPGP verification for file download

Doug Barton dougb at
Thu Aug 1 21:40:04 CEST 2013

Responding to a message at random ...

There is a much simpler way to encourage downloading the signature 
files. Bundle the exe and signature in a zip file, and make that the 
only download available.

However, what you really want to encourage is the verification of the 
signature (ignoring the bootstrapping problem for the moment), and even 
forcing people to download the signature file won't do that. In fact I 
would argue that the only folks interested in verifying the signature 
already do that, and that any increase in downloads of the signature 
files is statistically meaningless.


More information about the Gnupg-users mailing list