|
|
|
|
|
|
by tgsovlerkhgsel
2622 days ago
|
|
|
Which is, IMHO, a ridiculously short-sighted approach that ignores the difference between theory and practice. If there is a vuln in (or before) the GPG signature check, using HTTPS has a good chance of making it a lot harder to exploit (because the attacker will likely need to get into a trusted position instead of MitMing any HTTP connection). |
|
|