Y
Hacker News
new
|
ask
|
show
|
jobs
by
llambiel
3737 days ago
I agree with your concern. As a temporary "workaround" I've updated the article with a SHA256 checksum of the key. I'll chase the Nginx team for serving this key over https
2 comments
click170
3737 days ago
We should really be verifying the fingerprint of the key itself, even if it is served over HTTPS.
link
schoen
3737 days ago
Thanks for the update!
link