Dark Reading

Decades-Old Vulnerability Allows Spoofing of Encryption Tools

Marcus Brinkmann, a security researcher, has announced that many of the most widely used email encryption tools have been vulnerable to signature spoofing since they were first used. Not only that, ...
Ars Technica

Gpg/GNUpg verify package before installing?

If I've downloaded something from a first party website (e.g. the main gnupg project website) OR a highly trusted third party (like, for example, a well known Linux distro site like debian, ubuntu, ...