Y
Hacker News
new
|
ask
|
show
|
jobs
by
jayd16
1872 days ago
How is an automated signing server better security anyway? Google can still sign what they want but now every dev has a missive security hole in the form a server that can sign code reachable from the open web?
1 comments
est31
1871 days ago
As I've mentioned it allows you to audit the generated files. You can run scanners on the result if you want to.
link
jayd16
1871 days ago
Couldn't Google obfuscate the changes if they really wanted to?
link