Rabbit Hole Recap #229: The Bankruptcies and Executive Departures Continue
Rabbit Hole Recap
00:00
GPG Public Key - The Open Source Implementation of PGP
All good software, all responsible software maintainers should have a known GPG public key. You do that because there is an attack vector where someone compromises their website or someone compromises an app store and replaces that download file with a malicious version of the file. So what this website does is it just automates that process. But you don't have to trust them if you verify yourself. It's nice because basically it's doing it automatically. And then if they notice that a file isn't checking right, like the verification isn't happening, they basically alert. They'll send out an alert. That compromised file is removed from their website or removed from GitHub. And the correct file is put back
Transcript
Play full episode
