Hacker News new | past | comments | ask | show | jobs | submit login

There are a variety of attacks against GPG-signed repositories - an article [1] by Joe Damato explains them, and that all can be trivially mitigated by serving the repositories with TLS.

[1]: https://blog.packagecloud.io/eng/2018/02/21/attacks-against-...







Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: