Well, hopefully 12 years late isn't too late to join this conversation. I would also like to be able to verify 7-Zip software using GPG. He's referring to man-in-the-middle attacks. Another security risk is that, since the software is FOSS, someone could use the source code to write a program that looks like an official 7z .exe file, but with malware written into it. They could then mimic the 7-Zip website and distribute a malicious copy of your software. Checksum hashes are good for verifying that...
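The checksum check the poster is describing, as an added example that is not part of the thread and not 7-Zip's own tooling. It assumes a POSIX shell with `sha256sum` (coreutils); the file name `7z-installer.exe` and its contents are constructed stand-ins, not the real installer, and the "tampered" copy is simulated by appending a byte:

```shell
#!/bin/sh
# Added example, not from the thread. Verifies a downloaded file against a
# SHA-256 value and shows that a modified copy fails the check.
# Assumes sha256sum from coreutils; file names below are made up.

# verify_sha256 FILE EXPECTED_HEX -> returns 0 on match, 1 on mismatch
verify_sha256() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches expected SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Constructed stand-in for the installer (not the real 7-Zip binary).
demo_dir=$(mktemp -d)
printf 'pretend this is 7z-installer.exe\n' > "$demo_dir/7z-installer.exe"

# The hash you would normally copy from the publisher's page; here it is
# computed from the untouched stand-in so the first check passes.
good_hash=$(sha256sum "$demo_dir/7z-installer.exe" | cut -d ' ' -f 1)
verify_sha256 "$demo_dir/7z-installer.exe" "$good_hash"

# Simulate the trojanized copy the poster describes: the bytes differ,
# so the hash no longer matches.
printf 'X' >> "$demo_dir/7z-installer.exe"
if verify_sha256 "$demo_dir/7z-installer.exe" "$good_hash"; then
    echo "unexpected: tampered file passed"
else
    echo "tampered copy detected"
fi

rm -rf "$demo_dir"
```

The caveat that motivates the GPG request in the thread: a hash only tells you the file you have is the file the hash was computed over. If the hash and the download both come from the same look-alike site, the attacker publishes the hash of the malicious build and the check passes. A detached signature (`gpg --verify file.sig file`) made with a key you obtained and verified through some other channel is what ties the file to the publisher rather than to the server that handed it to you.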