How to verify DMD download with GPG?

Ola Fosheim Grøstad ola.fosheim.grostad at
Wed Feb 16 07:41:47 UTC 2022

On Monday, 14 February 2022 at 15:51:59 UTC, Kagamin wrote:
> 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8 is 0xDB8C5218B9329CF8
> This shortening was supposed to improve user experience.

Yes, I eventually noticed that the shortened fingerprints were 
used, but only after posting the OP… It is natural to scan for 
the start of a string when looking over a larger set to find a 
match, unless you use GPG more frequently than once every 5 years 
and remember to look for the tail of the fingerprint…

GPG is a good concept, but the usability lacks that extra polish 
that could make it attractive to a broader audience. What makes 
HTTPS so widespread is the usability impact is low once you have 
a mechanism for distributing the key data for verifying 
connections. GPG could've done something similar.

More information about the Digitalmars-d-learn mailing list