Hacker News

Using a hash doesn't protect you from a supply chain attack either. If the publisher is compromised, any updates could potentially be malicious. The alternative is to never update at all, which can be even worse.



It doesn't completely protect, no. Nothing does. Like much in security, defense in depth is the byword. Not checking the hash throws away a layer.



