Although I've already spent quite a few years improving my opsec, be it for laziness or a lack of real worry, there's one thing that I've always found myself not doing: verifying PGP signatures. Not only is it bad practice, but I feel kinda guilty when the devs go through the trouble of making sure it's public and available.
The thing is, I tried gpg4win once and I really hated it (I couldn't manage to make it work), so have any of you got an alternative, or a really good guide on how to properly use it? What setup would you recommend (for someone who is code illiterate) to make it less of a hassle? Thanks!