
This is why signatures should be embedded into the packaging and distribution mechanism, to reduce manual steps.

Looking at Docker's deployment of Content Trust as an example of this.

You still have a trust decision on first use, but it's better protection than nothing.



> You still have a trust decision on first use, but it's better protection than nothing.

That's what you're getting by curl|bashing Sandstorm today (if you skip the PGP verification step). Once installed, the updater verifies signatures automatically.



