Why are the released binaries (deb, rpm, and all others) not (PGP) signed? This is a missing best security practice and should be adopted by developers as soon as possible!
3 posts were merged into an existing topic: Security Improvement by Distrusting the Infrastructure - Signed Binary Releases
3 votes have been moved.