undefined | Better HN

0 pointsLeace7y ago0 comments

> I am saying that being able/forced to buy your way in privileges the most organized scammers

This works both ways because legitimate software developers also don't have easy ways of pushing their signed software to end users. Usually step 1 in installing software from external developer is "get my PGP key imported" [0].

[0]: https://www.sublimemerge.com/docs/linux_repositories

I don't mean Linux distro's model is worse or that Windows model is better. What I mean is that none of them is significantly better than the other. Just different with different trade-offs.

0 comments

acqq7y ago

> Usually step 1 in installing software from external developer is "get my PGP key imported" [0].

Even #%@! Oracle does it:

https://www.virtualbox.org/wiki/Linux_Downloads

I wonder what’s the point of the PGP key then.

LeaceOP7y ago

> I wonder what’s the point of the PGP key then.

Trust on First Use. Once the key is imported it stays the same.

People working for that organization can sign the key to attest it's real (Web of Trust). Although I wonder how would they check it. Organization (non-individual) keys are weird because ultimately it's just an individual behind it.

j / k navigate · click thread line to collapse