How to verify DMD download with GPG?
Ola Fosheim Grøstad
ola.fosheim.grostad at gmail.com
Wed Feb 16 07:41:47 UTC 2022
On Monday, 14 February 2022 at 15:51:59 UTC, Kagamin wrote:
> 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8 is 0xDB8C5218B9329CF8
> This shortening was supposed to improve user experience.
Yes, I eventually noticed that the shortened fingerprints were
used, but only after posting the OP… It is natural to scan for
the start of a string when looking over a larger set to find a
match, unless you use GPG more frequently than once every 5 years
and remember to look for the tail of the fingerprint…
GPG is a good concept, but the usability lacks that extra polish
that could make it attractive to a broader audience. What makes
HTTPS so widespread is the usability impact is low once you have
a mechanism for distributing the key data for verifying
connections. GPG could've done something similar.
More information about the Digitalmars-d-learn
mailing list