4 Oct
2017
4 Oct
'17
2:43 a.m.
On Tue, Oct 3, 2017 at 11:05 AM, Georgi Guninski <guninski@guninski.com> wrote:
Is there a relatively safe way of installing from source on linux? IIRC there was an online database of hashes of the more popular stuff.
Closest thing to an observatory are the hashes in the package systems of all the various BSD / Linux OS worldwide. If their own downloads of the source are being trojaned or infiltrated, then shit's getting real. A second coming of PKI PGP WoT and signed repos like Monotone.ca will be widely rolled out amongst everyone to try to defeat it, but the enemy could prove difficult. The political source of the attack is what needs defeated.