Successful experiment boosting the number of users using OpenPGP verification for file download
dougb at dougbarton.us
Thu Aug 1 21:40:04 CEST 2013
Responding to a message at random ...
There is a much simpler way to encourage downloading the signature
files. Bundle the exe and signature in a zip file, and make that the
only download available.
However, what you really want to encourage is the verification of the
signature (ignoring the bootstrapping problem for the moment), and even
forcing people to download the signature file won't do that. In fact I
would argue that the only folks interested in verifying the signature
already do that, and that any increase in downloads of the signature
files is statistically meaningless.
More information about the Gnupg-users