Even if they manage to distribute the keys in a manner that generates trust, without appropriate transparency, how do I know that the vendors are protecting their private key data?
Not to mention the build system.
It's only a matter of time before a rogue operating system is released using the misappropriated key data of an unfortunate OEM vendor. I hear that there are still some nation states with enough cash to fund this sort of subversive activity.
Ps.BOFH, I received an error while logging in using Google Appspot OpenID
no subject
Not to mention the build system.
It's only a matter of time before a rogue operating system is released using the misappropriated key data of an unfortunate OEM vendor. I hear that there are still some nation states with enough cash to fund this sort of subversive activity.
Ps.BOFH, I received an error while logging in using Google Appspot OpenID