Attackers could generate a key and sign a hacked artifact. Yes, somebody signed that artifact you might say, but I would worry who signed it and how much I should trust them.
Attackers could generate a key and sign a hacked artifact. Yes, somebody signed that artifact you might say, but I would worry who signed it and how much I should trust them.