How to make sure the #Enigmail file you downloaded is the real deal:
1) Download the file and its ‘Open PGP’ signature: https://www.enigmail.net/download/index.php
2) Learn that you must download the key the packages have been signed with: https://www.enigmail.net/documentation/signature.php
3a) Download gpg-curl and configure gpg to download keys securely, as described in https://quitter.no/url/12964
3b) Verify the certificate used when connecting to the pool of secure key servers: https://sks-keyservers.net/verify_tls.php (I didn’t really understand how, so I skipped this step.)
4) Following the instructions (linked to) in 3a), download the key with the signature mentioned in the webpage of 2).
5) Following the instructions in 2), run ‘gpg --verify filename.xpi.asc’
If it says ‘good signature’, I guess you’re safe…. (!crypto !security)
Quadronyx (QDNX) uBlog
Contact uqdnx2013@qdnx.org for a free account here.
Notices where this attachment appears
Tags for this attachment
Quadronyx (QDNX) uBlog is a microblogging service brought to you by Quadronyx. It runs the StatusNet microblogging software, version 1.1.0-release, available under the GNU Affero General Public License.
All Quadronyx (QDNX) uBlog content and data are available under the Creative Commons Attribution 3.0 license.