Hello, it is me.

  • 0 Posts
  • 12 Comments
Joined 1 year ago
cake
Cake day: October 14th, 2023

help-circle




  • Interesting take. I wonder if the amount of platform dependent bugs is generally that low for games. I’m a developer, but not a game developer. I would assume that platform dependent stuff comes into play a lot more, when using shiny new tech like direct storage, which is probably used more by AAA titles and less by indie games?





  • Oh you are absolutely right about it being much harder to compromise the distro website as well as a key server. And as much as I am aware of the concept of the web of trust, I still do not get how you securely draw a relation between a key on a third party website and the publisher of a distro?

    I just checked for OpenSuse and Fedora. Both link to their keys on their own website, which both target files on their own domain. And even if they linked to a third party, what is stopping an attacker, who already managed to swap the iso and checksum file to also change the link to the key server?

    You are right about already imported keys. But why would someone, who does not already have distro xyz installed, have the keys of the publisher of distro xyz imported?

    Thanks in advance for the discussion!