That's significant enough to warrant total neglect on secure updates, I guess.
-
-
No. It’s not. That is what the data is saying. Attempts to make secure packages don’t, in practice, work any better than signed JavaScript on HTTP pages, for the same reasons, as they’re the same thing. It’s just rolling your own crypto. Use TLS.
-
A couple of really smart people did implement Uptane. Go have a look at it.
-
What’s the underlying crypto engine? Gpg?
-
Nope. It's something designed and built from scratch.
-
Early days for the code, but getting uptake in a real industry. Cool.
-
I'm biased here, but just have a look at the code these folks are writing:https://github.com/advancedtelematic …
-
Let me put it this way. I’m hopeful *for* a future where we can say more than “just use TLS”. One isn’t impossible, just how we’ve been saying to achieve it doesn’t actually work in practice. Uptane’s young. But promising.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.