You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The lack of keys in packages confuses people. The logic of excluding them was that for security the people installing the package should separately acquire and verify the keys rather than trusting a potentially dodgy, perhaps unsigned package.
But there a fair argument that if the package is dodgy then you've lost anyway because the key verification code may itself have been compromised.
RAVEN106 in master TODO list
The text was updated successfully, but these errors were encountered:
The lack of keys in packages confuses people. The logic of excluding them was that for security the people installing the package should separately acquire and verify the keys rather than trusting a potentially dodgy, perhaps unsigned package.
But there a fair argument that if the package is dodgy then you've lost anyway because the key verification code may itself have been compromised.
RAVEN106 in master TODO list
The text was updated successfully, but these errors were encountered: