Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Or detected easily with package builders like Arg Linux's makepkg that ship a hash along with the source URL. As soon as one user gets a different file, he has an alert and the compromised package for later analysis


like I said, if you assume your adversary is the US government then they might as well start issuing rogue TLS certs to target individuals.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: