Github's Total Security Facepalm https://donatstudios.com/GithubsTotalSecurityFacepalm …
-
Show this thread
-
TBH, Github allowing name reuse is fine. Just like a domain name is not tied to an identity. What you should trust is signatures and hashes. Not ephemeral URLs.
2 replies 1 retweet 10 likesShow this thread -
And keep in mind that HTTPS only protects the transport, not the content. Don’t trust a download location, no matter how secure the transport is. The only thing you can trust is a signature of the actual content.
3 replies 3 retweets 4 likesShow this thread
I lost a domain that was used to distribute binaries. The website was only accessible over HTTPS with highly secure settings. But today, the new owner of the domain can use it to distribute malware. HTTPS is totally useless to prevent this. Only signature verification can.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.