Github's Total Security Facepalm https://donatstudios.com/GithubsTotalSecurityFacepalm …
-
Show this thread
-
TBH, Github allowing name reuse is fine. Just like a domain name is not tied to an identity. What you should trust is signatures and hashes. Not ephemeral URLs.
2 replies 1 retweet 10 likesShow this thread -
And keep in mind that HTTPS only protects the transport, not the content. Don’t trust a download location, no matter how secure the transport is. The only thing you can trust is a signature of the actual content.
3 replies 3 retweets 4 likesShow this thread -
Replying to @jedisct1
well, on a private domain name, transport trust should be enough :/ Also, having a signature need further action from the receiver : checking the signature against something else (a copy of it on a website, or a pgp key weboftrust etc.)
2 replies 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.