Hacker News new | past | comments | ask | show | jobs | submit login

> What about hosting HTTP content because you verify GPG signatures upon download?

Because the rest of the content is not verified?????? That's the whole point of HTTPS????????

I didn't downvote this and this is a valid misunderstanding.

The whole point of having GPG is that you (as the distributor/debian repo/whatever) have already somehow distributed the public key to your clients (customers/debian installations/whatever). Having HTTPS is redundant as it is presumed that initial key distribution was done securely.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact