Max13d agoI think apt checks signatures.
You only need to be careful when adding a new repo to verify the pubkey there.
💬 1 replies
Thread context
Root: f92e8203feef…
Replying to: 9082eae02374…
Replies (1)
franzap13d agoI use apt and dnf. They all do some form of verification. Verifying repo pubkeys UX is bad, and there is no second layer of defence (e.g. malware makes it into a repo, not uncommon)
0000 sats