by malaxii 2545 days ago
> - This may or may not mean that major distributions' binary packages will simply stop being verifiable - it depends on who uses what key server in what chain of trust. We probably won't find out till more bad actors poison more wells.

All distributions I know use a pre-shared keyring for package signing, distributed on the initial installation media. Public keyservers are not involved.

This is unaffected by any issues with web-of-trust and public keyservers.