Hacker News new | ask | show | jobs
by MichaelGG 4239 days ago
The criticism is the same: You're worried about running binaries from a particular source, but will accept the signatures from the same source?
1 comments
bigbango 4239 days ago
Yes, when I don't have any out of band method for obtaining the key.

Also, the sources aren't the same, the binary is downloaded from a mirror / CDN while the links I posted are from the main FTP server.

edit: grammar corrections

link