True but let me be a littlebit paranoid. Would it not be possible to create a new .fs / .iso with new keys in /etc/signify/* and new SHA256 / .sig files to place bad content and distribute it using a torrent ? I came across this idea as I readed long time ago some ideas how goverments could distribute the here in Europe called trojan of the state (Staatstrojaner).
Just a idea and, maybe I am wrong - back to the topic. Am 27. April 2017 17:43:03 MESZ schrieb Ted Unangst <[email protected]>: >Christoph R. Murauer wrote: >> Let's say, you provide a torrent for the .fs and .iso files. Who >trusts a SHA256.sig file from an unofficial torrent ? > >The whole point of signing the SHA256 is you don't have to trust the >person >who gives it to you.
