Which is exactly why you use a well known PGP key[1] (pre-setted up) with a trusted fingerprint. You dont donwload a raneom PGP key from the website you are downloading the unknown software and use it to verify a signature.
Are you even reading what you are saying?
where is well known PGP key?
what is this? Where did you have this link?
Go to Electrums real GitHub repo.
Look for it:
https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.ascIts the same as the link above.
why not from electrum.org? You said just download electrum from electrum.org but why i have to download a file from github.com? Bad servers ask users download fake electrum update from github.com too
If you knew the answer, then why are you askig for my source for ThomasV key? If you go to Electrum.org and go to the Download page, there is a link to the same URL I posted above. Both electrum.org and the Electrum github I posted above are legit; both of them lead their users to the same PGP key, which is real.
Yes, bad servers give fake github repos with fake wallets, but I linked you THE REAL GitHub repo, which again, you can confirm either by checking it in the electrum.org website or in any other trusted source.
Why cant you just do your own goddam research to confirm that what Im saying is true?