Y
Hacker News
new
|
ask
|
show
|
jobs
by
Foxboron
1237 days ago
They don't really do any source authentication at all. There is no strategy for checking gpg/minisign/whatever signatures and fetching keys to validate these things.