by naikrovek 2880 days ago
Code signing is not an issue, it is a feature. You can think of it as a way to programmatically check that the executable has not been modified since released by the developer.

FOSS sites often recommend that a downloader check the hash of a downloaded file against one provided, never seeming to realize that if an attacker can replace a .iso file, there is a high likelihood that they can modify the MD5 hash shown to match their modified file.

Code signing prevents this.

Code signing is a good thing.
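
The scenario in the comment above, as an added example that is not part of the original comment: a download site that hosts a file, its hash and a signature, checked before and after someone with write access swaps the file. The key pair is a constructed toy (textbook RSA over two Mersenne primes, standard library only, not usable outside this demo), SHA-256 stands in for MD5 since the outcome does not depend on the hash algorithm, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key pair: textbook RSA over two Mersenne primes.
# Trivially factorable; it only stands in for a real signing scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                           # public modulus, pinned by the user in advance
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the developer


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Developer side: requires the private exponent D."""
    return pow(digest_int(data), D, N)


def verify_signature(data: bytes, sig: int) -> bool:
    """User side: checks against the pinned public key (N, E),
    which was not fetched from the download site."""
    return pow(sig, E, N) == digest_int(data)


def verify_hash(data: bytes, published_hex: str) -> bool:
    """User side: compares against whatever hash the download page shows."""
    return hashlib.sha256(data).hexdigest() == published_hex


def publish(data: bytes) -> dict:
    """What the download site serves for a genuine release."""
    return {"file": data, "sha256": hashlib.sha256(data).hexdigest(), "sig": sign(data)}


def tamper(site: dict, new_file: bytes) -> dict:
    """Write access to the site: swap the file and recompute the hash shown.
    The old signature is all that can be served, because D is not on the site."""
    return {"file": new_file, "sha256": hashlib.sha256(new_file).hexdigest(), "sig": site["sig"]}


def check(site: dict) -> tuple:
    """Returns (hash check passed, signature check passed)."""
    return verify_hash(site["file"], site["sha256"]), verify_signature(site["file"], site["sig"])


if __name__ == "__main__":
    good = publish(b"constructed release image v1.0")
    bad = tamper(good, b"constructed release image v1.0, modified")
    print("genuine :", check(good))   # (True, True)
    print("tampered:", check(bad))    # (True, False)
```

The signature check only holds up if the public key reaches the user through a channel the download site does not control, such as an OS trust store or a key pinned from an earlier release.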