undefined | Better HN

0 pointsherecomesthepre1mo ago0 comments

Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist or in the case of yesterday's Wireguard / VeraCrypt discussion, think it's an evil capitalist scheme to control the world.

Digital signing on Windows predates Mac developer certificates by years but arguably wasn't widely used outside of security-paranoid organizations.

Before someone says Linux offers GPG signing it's mostly useless without a central PKI. Developers offer the public key for download on the same server as the software. If someone uploaded compromised software, surely they would replace the key with their own.

0 comments

BenjiWiebe1mo ago

Linux package managers (the normal way to install software) use signed packages.

I don't know how easy/hard it would be to compromise that.

steve19771mo ago

> Before someone says Linux offers GPG signing it's mostly useless without a central PKI

One could also argue that GPG signing is useful exactly because it doesn't rely on a central PKI.

herecomesthepreOP1mo ago

It's as useful as self-signed certificates.

badsectoracula1mo ago

> Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist

...or, much more likely, any potential benefits are not worth the negatives.

j / k navigate · click thread line to collapse