Bug#882694: [sysadmin] Signatures on uncompressed archives

2018-03-13 Thread Uwe Kleine-König
Hello Konstantin,

On Mon, Mar 12, 2018 at 05:20:26PM -0400, Konstantin Ryabitsev wrote:
> On 03/08/18 05:15, Uwe Kleine-König wrote:
> > The kernel.org archive provides signatures for the software available
> > (which is great!). The method to verify these according to
> >
> >
> >

Bug#882694: [sysadmin] Signatures on uncompressed archives

2018-03-13 Thread Konstantin Ryabitsev
On 03/13/18 05:33, Uwe Kleine-König wrote:
>>> But it also has an impact on security: As long as the signature isn't
>>> verified I have to consider the .tar.xz "untrusted" and the fewer tools I
>>> have to make operate on it the better. This scheme allows an attacker
>>> that has control over a