|
|
|
|
|
|
by spiffytech
1577 days ago
|
|
|
That moves this in the right direction, but still has secerity challenges. You need a path for the legitimate package author to reactivate their account after domain expiration, which means you need another way to trust you're talking to the same human as before the domain expired. This is where stuff like PGP comes up, but that comes with yet more challenges. |
|
|