Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is true for distribution-hosted repositories. But how many web sites are there that are like, "Add this line to sources.list, then run this apt-key command, and then run apt-get install our-app." So few people bother to check for a web of trust for the proffered key (or even know how to, or even grok the concept) that there is little functional difference.


So if other people do it too, it's automatically good?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: