
You get the key once and its fingerprint is published repeatedly.


And look at all the Linux distros that do that. Oh right, they don't. They just go "here's our public key" and people download it over FTP from the exact spot they are getting the binaries, do nothing to verify it, and pretend that got them security. Hence, theatre. Anyone who would actually do it right already has the tools to do so; SSH public keys work just like PGP public keys.


You have no idea what you're talking about. Go troll somewhere else.



