@tehjh difference between trusting distro and pipe-to-shell is that the former trusts every CA to get it right and not be evil
@damienmiller e.g. pulseaudio at least sends announcement mails with unsigned hashes, but I can't find any way to verify an openjdk download
-
-
@damienmiller ofc, a maintainer can just download the same code using different machines, then compare. probably more secure than HTTPSThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.