| ▲ | tstenner 4 days ago | |
Or detected easily with package builders like Arg Linux's makepkg that ship a hash along with the source URL. As soon as one user gets a different file, he has an alert and the compromised package for later analysis | ||
| ▲ | untitaker_ 4 days ago | parent [-] | |
like I said, if you assume your adversary is the US government then they might as well start issuing rogue TLS certs to target individuals. | ||