14. Mar 2017 04:39 by [email protected]: > GPG is sufficient for verification, although using HTTPS would conceal which > software packages you are using
GPG does not protect against a MITM downgrade attack to a validly signed but older vulnerable version of a piece of software -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/KfDgBaE--3-0%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
