Hacker News
by kemotep 763 days ago
It would be discoverable, but only if you ran an additional hash to check the final binary after updating and checking with an out-of-band source what the hash of the binary should be.

How many people double check that apt actually updated the package to the right version, if its output is compromised?