How to find and verify a trust path?

Peter Lebbing peter at
Wed Sep 18 22:26:52 CEST 2013

On 18/09/13 22:00, NdK wrote:
> I think "stability" is what most newbies (and probably experienced users
> too) use.

Alternatively, if you use a Linux distro: simply install it with the package
manager. You already implicitly trust that anyway. If somebody got inside the
package manager, they don't need to bother to attack GnuPG specifically.

I suppose technically you're also trusting the maintainer for the package. No
worse than trusting any other maintainer, I think. They all have access to the
binaries you run.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list