by wizzwizz4 878 days ago
Untrusted? They're from RedHatSourceDumps.onion! A few years back, my mate in Contoso gave me some sources, and they were identical to the ones that showed up on RHSD the next day; I don't know anyone who's ever noticed a bit out of place. Why would they choose today to start injecting malware, when somebody would raise the alarm within a week?

Back in the real world: binary RPM packages are cryptographically signed, and I'm pretty sure source packages are as well. Who needs provenance when you can blindly assume that nobody's cracked the crypto yet (or, more realistically, leaked the keys)?