Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
acct
on March 3, 2014
|
parent
|
context
|
favorite
| on:
Downloading Software Safely Is Nearly Impossible
MIT GPG keys are unverified. HTTPS would only add a false sense of security - you are supposed to verify the keys
after
you download them (yes, it's not easy, depending on how much verification you require).
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
