1597 sats \ 2 replies \ @Natalia 24 Feb \ parent \ on: The Curious Case of Digital Signatures crypto
You use GPG suite?
yes
found a fun read here https://www.qubes-os.org/security/verifying-signatures/
write
preview
245 sats \ 1 reply \ @ek OP 24 Feb
The point is that we must decide who we will trust (e.g., Linus Torvalds, Microsoft, or the Qubes Project) and assume that if a trusted party signed a given file, then it should not be malicious or negligently buggy. The decision of whether to trust any given party is beyond the scope of digital signatures. It’s more of a social and political decision.
this so much
That's why I mentioned "the person you trust" here
When you verify a digital signature, you make sure that the software was created by the person you trust and think it was created by (authenticity) and that it was not modified (integrity).
But they explain this part very well, I didn't
reply
473 sats \ 0 replies \ @Natalia 24 Feb
I'm writing down what I've learned today, but damn too much verifying in my brain at the moment. πŸ˜‚πŸ˜‚
also I think sooner or later I will play around with other operating system, taking things slow. πŸ‘€
reply