Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

And look at all the linux distros that do that. Oh right, they don't. They just go "here's our public key" and people download it over ftp from the exact spot they are getting the binaries, do nothing to verify it, and pretend that got them security. Hence, theatre. Anyone who would actually do it right already has the tools to do so, ssh public keys work just like pgp public keys.


You have no idea what you're talking about. Go troll somewhere else.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: