j
k
j a
j l
You are right, I skipped over that this was actually a server-side exploit - sure, end-to-end signing will help here. On 30/01/13 19:47, Edward Z. Yang wrote:
...As long as we upload packages via plain HTTP, signing won't help though.
As long as we upload packages via plain HTTP, signing won't help though.
Back to the thread
Back to the list
