yes, I mentioned this at the end
Check different sources of the fingerprint to verify the signer's public key. Good places to look are Github, Keybase, KeyServer, and different socials. Generally, the more sources showing the same key, the more trusted.
Sorry, since this is not new knowledge to me, I only skimmed the article and missed that bit.
Anyway, I think it's important to emphasize this, as so many people just type the verification commands into their computer without thinking about what they do and are happy when gpg gives them a thumbs up, without understanding the ways in which the supply chain may have been compromised.
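As an added example (not from the article or either commenter), a Python check that does not take gpg's thumbs up at face value: it parses `gpg --status-fd` output for the VALIDSIG fingerprint and only accepts it when it matches the fingerprint corroborated by several independent sources. The source names, fingerprints and status lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: the same maintainer's key fingerprint as published on several
# independent sources (hypothetical values, not real keys). One source disagrees.
PUBLISHED = {
    "github":    "ABCD 1234 ABCD 1234 ABCD  1234 ABCD 1234 ABCD 1234",
    "keybase":   "abcd1234abcd1234abcd1234abcd1234abcd1234",
    "keyserver": "ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234",
    "website":   "DEAD BEEF DEAD BEEF DEAD  BEEF DEAD BEEF DEAD BEEF",
}

# Constructed `gpg --status-fd 1 --verify` output. gpg prints GOODSIG for any key
# it can find, trusted or not; only the VALIDSIG line carries the fingerprints.
STATUS_OK = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG ABCD1234ABCD1234 Example Maintainer <maint@example.org>",
    "[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2024-01-01 1704067200 0 4 0 1 10 00 ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
]
# Same output, but the signature was made by a key nobody corroborates.
STATUS_WRONG_KEY = [l.replace("ABCD1234" * 5, "DEADBEEF" * 5) for l in STATUS_OK]

def normalize(fpr):
    return re.sub(r"\s+", "", fpr).upper()

def consensus_fingerprint(sources, min_sources=2):
    """Fingerprint shown by at least min_sources independent sources, else None."""
    fpr, n = Counter(normalize(f) for f in sources.values()).most_common(1)[0]
    return fpr if n >= min_sources else None

def signing_fingerprint(status_lines):
    """Primary-key fingerprint from VALIDSIG (field 11); published fingerprints are
    primary-key ones, while the signing (sub)key fingerprint sits in field 2."""
    for line in status_lines:
        f = line.split()
        if f[:2] == ["[GNUPG:]", "VALIDSIG"] and len(f) >= 3:
            return f[11] if len(f) >= 12 else f[2]
    return None

def verify_against_sources(status_lines, sources, min_sources=2):
    """True only if gpg's VALIDSIG names the independently corroborated key."""
    expected = consensus_fingerprint(sources, min_sources)
    actual = signing_fingerprint(status_lines)
    if expected is None:
        return False, "published fingerprints do not agree"
    if actual is None:
        return False, "gpg reported no VALIDSIG"
    if actual != expected:
        return False, f"signed by {actual}, expected {expected}"
    return True, "signature made by the corroborated key"
```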