Y
Hacker News
new
|
ask
|
show
|
jobs
by
ChargingWookie
3494 days ago
Am I misreading this or does this really allow arbitrary packages to masquerade as legitimate packages?!
1 comments
imduffy15
3494 days ago
That would be correct since GPG checking is disabled. Would just be a case of bumping the version number and releasing a package under the same name.
link