Y
Hacker News
new
|
ask
|
show
|
jobs
by
Arnavion
1058 days ago
Packages are signed in exactly the same way Debian packages are signed, ie the package files themselves are not signed but the index file that lists them is.
2 comments
dgrove
1057 days ago
Because a single hot key for signing on a random build server has never fucked anyone before?
https://www.techtarget.com/whatis/feature/SolarWinds-hack-ex...
link
Arnavion
1057 days ago
Please move those goalposts farther. I can still see them.
link
MartijnBraam
1057 days ago
Both the package and the index is signed actually. That's why it still works when installing APK files directly
link
https://www.techtarget.com/whatis/feature/SolarWinds-hack-ex...