by proxynoproxy
441 days ago
I wouldn’t call this “incoherent”; rather, I propose the terminology “vendor subvertable”. Yes, any time a vendor of software has any direct update capabilities, a targeted update can bypass the encryption provided by some software. In practice, we tend to delegate to a 3rd party like an OS distribution packager, where there is a delay between vendor releases and packaging, where it can be discovered. Another good reason to use open source for core cryptography libraries, and any code a vendor supplies should be open and repeatably built also.