Pro@programming.dev to Linux@programming.devEnglish · 4 days agoFlatpak is not perfect, but it's getting betterthelibre.newsexternal-linkmessage-square42fedilinkarrow-up1164arrow-down15cross-posted to: linux@linux.community
arrow-up1159arrow-down1external-linkFlatpak is not perfect, but it's getting betterthelibre.newsPro@programming.dev to Linux@programming.devEnglish · 4 days agomessage-square42fedilinkcross-posted to: linux@linux.community
minus-squareKazumara@discuss.tchncs.delinkfedilinkarrow-up7·4 days agoBest to do both, really, so a record of using a consistent public key is created. Then supply chain attacks might be noticed. If someone manages to replace the file on the webserver but can’t get to the signing key you’ve prevented the attack.
Best to do both, really, so a record of using a consistent public key is created.
Then supply chain attacks might be noticed. If someone manages to replace the file on the webserver but can’t get to the signing key you’ve prevented the attack.