Hacker News
by avereveard 1693 days ago
authors cannot revoke their compromised keys to immediately halt all distribution, and you don't have any process to verify package<->author ownership beyond the upload secrets.