@KentonVarda @zooko @bascule all these should distribute and verify signed hashes. worst case this stupid thing: http://jbenet.github.io/hashpipe
@KentonVarda "TOFU" (or rather, try to get the initial install right, via HTTPS, etc)
-
-
@bascule So basically we can trade off more usability for diminishing security returns but probably can't ever be perfect. -
@KentonVarda we can secure updates, but we need some sort of continuity (root.txt in TUF) to establish trust
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.