Y
Hacker News
new
|
ask
|
show
|
jobs
by
shittyadmin
2878 days ago
You're still getting a signature directly from the developer's machine, not from the repository server and as such you're still vastly shrinking the attack surface.