I mean Debian and Fedora (not an arch user) sign their packages with GPG. It's a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tapoxi on Aug 3, 2023 \| parent \| context \| favorite \| on: Microsoft comes under blistering criticism for “gr... I mean Debian and Fedora (not an arch user) sign their packages with GPG. It's a higher level up but effectively the same thing.

tatersolid on Aug 3, 2023 [–]

A runtime signature check is far more secure than an install-time signature check. On Linux you can swap a binary with an evil version using one of a million local privilege escalations available and nobody would ever know unless you have additional tripwire-style tooling set up.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact