Answer: Are SHA1 sums on gnupg.org checked regularly?

[Peter Lebbing]

On 26/07/13 17:31, Jan wrote:
> I'm thinking of someone how uses windows and wants to install gnupg for the
> first time. How can he/she rely on OpenPGP?

By running a Linux Live CD to do the verification. How does he know the CD is
genuine? The thing is, somewhere the trust has to start. It's a bootstrapping
problem.

Also, how do you trust the OpenPGP signature is made by the correct key, etcetera.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>