Y
Hacker News
new
|
ask
|
show
|
jobs
by
sbohacek
135 days ago
The lack of signing and/or checking the signature when updating is the real issue here. But the write up blames the attack on the hosting server. That doesn't bode well for future security.