[dublinben]

You only need to trust their signature to really be sure. That's why the Web of Trust aspect of PGP/GPG is so important. It's probably more valuable than the ability to encrypt a few emails.

[schoen]

It doesn't seem that PuTTY has made very effective use of this or managed to explain the problem to most of their users.

http://noncombatant.org/2014/03/03/downloading-software-safe... http://noncombatant.org/2014/03/05/followup-to-downloading-s...