https://issues.dlang.org/show_bug.cgi?id=16065
--- Comment #3 from Sobirari Muhomori <[email protected]> --- A more reliable mechanism would be a PGP signature. If you check against only one key, it will be equivalent to key pinning. Oh, and the ultimate security is to build everything from source. --
