by jrochkind1 4708 days ago
As the OP says, if the same organization -- and even likely the same _server_ -- is being the certificate authority and distributing the signed releases....

> However in this model if someone is able to send you a malicious package they are also likely able to send you a malicious key.