by nicce
986 days ago
Usually the keyring is a separate package, which is also signed with a key that can be verified from multiple different sources. Of course, if you are a target of a nation-state attack, which fakes public keys from all sources by MITMing DNSs and servers, you might end up with the wrong package. But that threat model is totally different.