How to improve our GUIs (was: We have GOT TO make things simpler)

Phillip Susi phill at
Fri Oct 11 19:54:44 CEST 2019

Andreas Boehlk writes:
> I do not agree with this one. IMHO the verification with a trusted GPG-Key is absolutely sufficiant and the checksum-proof is not needed at all.

True, since validating the signature means validating the secure hash of
the contents.  That is, the checkum is reisistant to accidental
corruption, but the secure hash is *also* resistant to intentional
manipulation.  The latter is a superset of the former.

More information about the Gnupg-users mailing list