Sign in / up

Reply to post: Re: No chain of trust?

Et tu, Gentoo? Horrible gits meddle with Linux distro's GitHub code

Nick Kew
Reply Icon

Re: No chain of trust?

Where you download from should have very little bearing on security. A cryptographic chain of trust works just as well with something off the back of a lorry as with the most trusted origin.

I wouldn't rely on a "gentoo.org" address for my security: that would open me to any number of attack vectors. Verifiable PGP signatures of verifiable gentoo personnel work altogether better.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon