|
|
|
|
|
|
by sarciszewski
4002 days ago
|
|
|
> i doubt using an other method would minimize a risk when the meteor.com would actually get owned. GPG signing, keep the private key offline, publish the public key in the blockchain and have a lot of high profile technologists sign it so it can be independently verified. See also: PHPUnit. https://phpunit.de/manual/current/en/installation.html#insta... (They provide an example shell script for quickly downloading and verifying the latest versions of their install) |
|
|
But at the end it's about people ...your example with PHPUnit can be abused like this https://thejh.net/misc/website-terminal-copy-paste How many people do you think will bother to paste the script to a text editor and check for evil parts ?