saghm 20 hours ago

So wouldn't this logic also apply to updates that are signed with an invalid signature? And at that point, it sounds like you're saying that once something is signed and distributed, no one will ever try to compromise that and you're free and clear for the rest of time, which seems... dubious.
0xDEAFBEAD 19 hours ago | parent

My mental model is that requiring updates to be signed delivers a lot of security bang for your buck. Do you disagree? An attacker can still steal the private key, or identify a flaw in the signature checking code. It looks like there are a variety of other, more constrained attacks: https://theupdateframework.io/docs/security/#attacks-and-wea... But overall, it seems to me that you can make an attacker's life considerably more difficult, for a comparatively small effort.
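To make the comment's point concrete, here is an added example (not from the thread or from TUF) of the "require the update to be signed" check in Go with Ed25519, alongside a contrasting verifier that has the kind of flaw the comment alludes to. The `SignedUpdate` envelope, the pinned key and the payloads are all constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedUpdate is a constructed, hypothetical update envelope: the bytes to be
// installed plus a detached Ed25519 signature over exactly those bytes.
type SignedUpdate struct {
	Payload   []byte
	Signature []byte
}

var ErrBadSignature = errors.New("update rejected: signature missing or invalid")

// VerifyUpdate is the strict check: accept only if the signature verifies
// under the pinned publisher key. Missing and wrong signatures fail the same
// way, so without the private key an attacker cannot get a payload installed.
func VerifyUpdate(pub ed25519.PublicKey, u SignedUpdate) error {
	if len(u.Signature) != ed25519.SignatureSize || !ed25519.Verify(pub, u.Payload, u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// FlawedVerifyUpdate shows the "flaw in the signature checking code" class of
// bug: it verifies a signature only when one is present, so an unsigned update
// is accepted. Kept here for contrast only.
func FlawedVerifyUpdate(pub ed25519.PublicKey, u SignedUpdate) error {
	if len(u.Signature) > 0 && !ed25519.Verify(pub, u.Payload, u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// SignUpdate is the publisher-side step that needs the private key, i.e. the
// key an attacker would have to steal to forge an update that passes VerifyUpdate.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) SignedUpdate {
	return SignedUpdate{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	good := SignUpdate(priv, []byte(`{"version":"1.2.3"}`))
	tampered := SignedUpdate{Payload: []byte(`{"version":"1.2.4"}`), Signature: good.Signature}
	unsigned := SignedUpdate{Payload: []byte(`{"version":"9.9.9"}`)}
	fmt.Println(VerifyUpdate(pub, good), VerifyUpdate(pub, tampered), VerifyUpdate(pub, unsigned))
	fmt.Println(FlawedVerifyUpdate(pub, unsigned)) // nil: the flawed check lets the unsigned update through
}
```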