hello,
wondering if someone could explain how to go about verifying authenticity of downloads. i see that i have to download the qt wallet from mirror sites, and then to verify signature of that download, i have to download gnupg/pgp from mirror sites. when i go to download from gnupg.org mirror site, there is like a hundred files. which one do i want? i need a win32 binary, there seems to be many of them.... the thing is, how do i verify sha1 check sum when there is so many files.... i have no idea what to compare to, to verify integrity.
i dont trust these sites..... too much money on the table. and everywhere i look that explains PGP seems to assume you are a programmer. i'm not!
