Hacker News new | past | comments | ask | show | jobs | submit login

If they can replace the front page html, they could probably also replace the source code distribution with a backdoored/trojaned tarball. Or someone else might already have done so, since who knows how long ago, using the same exploit.



But would they also be able to replace the public key of the authors in all the other places it appears on the Internet?


That. That's why the authors PGP-sign their sources. Furthermore, some of us maintain GPG trust paths, so replacing it on every other place on the Internet would still be futile.


There is also benefits of using decentralized distribution channels like bittorrent. So a single source can't be compromised.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: