Publishing the OpenPGP instructions outside of our website
Originally created by @XiauWu on #11039 (Redmine)
If the instructions on the website are fake due to mim attack or due to the website being compromised, the instructions for the pgp verification will be fake too. If the instructions and the key are published on multiple platforms however, (like irc, i2p, tor, i2p-irc, andoid/iphone app etc.) it will be easy to spot fake instructions and keys even for beginners. To receive fake instructions all the platforms would have to be compromised. For new users this method of cross–checking would allow to trust the pgp instructions on the website for future use.
- Related to #15697 (closed)