On Mon, Mar 7, 2016 at 4:03 PM, Thomas Mayer
wrote:
> I just visited http://www.postgresql.org/download/linux/debian/ and my
> impression is that the way the signing key is published is not secured
> against wrong origin or manipulation by a man in the middle (MitM) attacker.
>
> Meaning, that if
I just visited http://www.postgresql.org/download/linux/debian/ and my
impression is that the way the signing key is published is not secured
against wrong origin or manipulation by a man in the middle (MitM) attacker.
Meaning, that if a MitM attacker can compromise downloads, he or she is
als
