|
|
|
|
|
|
by jimktrains2
4388 days ago
|
|
|
But those sigs are also coming over a non-ssl connection:-p Honestly, whenever you download anything, evne over SSL, you're essentially trusting that the remote computer is not only who you think the computer is, but the person you expect to be controlling it is the only person controlling it. Out-of-band communication built out-of in-person trust are really the only way around that (i.e. trusting someone who trusts the PuTTY devs and gets you the hash/sig). |
|
|