On 10.04.2017 at 22:44, Dawid Bałut wrote:
If for shell script you have only one carrier which is the root trusted origin, you're eliminating the need for packages signing

nonsense

once you have the GPG keys you are even able to reject malformed packages from the "root trusted origin" in case it was compromised

https://en.wikipedia.org/wiki/Web_of_trust

if you can't see the value of GPG signing where you have *multiple* sources to verify the signer's key versus a random script with a hash placed on the same site and so both compromised, especially with an idiotic pipe to a root shell where you don't do *any* verification, i can't help you
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss