HackerTrans
TopNewTrendsCommentsPastAskShowJobs

xloem

no profile record

comments

xloem
·5 yıl önce·discuss
> APT would maintain a list of allowed public primary keys.

You've blatantly forgotten the implication of TOFU regarding new debian keys. Without a way to certify debian's keys, there's no way to verify that installation media is correct any more. With PGP, there was the web of trust. Now there is TLS at best, no?

It seems the proposed specification lacks a crucial addition of keysigning.