by cowabunga 4238 days ago
Actually no, as that signs the communications and not the software. If the target server is compromised then you are screwed. Also, for example, there is no guarantee that github.com isn't serving malicious traffic from one user under a legitimate request, i.e. the poisoned sharecrop problem.

EV signed software is usually done off the internet. In our case we use a physical key to sign it offline and then upload.