Ben Tasker
@bentasker
@CrankyLinuxUser
@videolan
@Scott_Helme
@Sand_Pox
@TheHackersNews
@troyhunt
@mikko
@hackerfantastic
@fs0c131y
Just a point of clarity. HTTPS only gets you tamper resistance *in flight*. If someone manages to screw with packages on a mirror, you're hosed. GPG gives e2e resistance so long as the signing key is properly protected. VLCs approach is largely fine IMO
22 Jan 2019 11:28
View on Twitter
2019 Archive