Or Coke (and a caffeine pill), or whatever you prefer. Bad coffee is a perplexing choice.
Irrelevant amounts of so. Any driving school teaches using engine braking for increased fuel efficiency and decreased wear of brakes. Manual clutches still last for far longer than even high-end automatic ones.
There is absolutely nothing wrong with HTTP. You are supposed to verify signing keys after you download them anyway, regardless of your source and tranfer method. Yes, that may often be hard, or nearly impossible. WOT…
MIT GPG keys are unverified. HTTPS would only add a false sense of security - you are supposed to verify the keys after you download them (yes, it's not easy, depending on how much verification you require).
But surely you must trust your SSH client, and thus its developers.
Surely it does. Did you think GETs are transferred before the encrypted connection is established?
Or Coke (and a caffeine pill), or whatever you prefer. Bad coffee is a perplexing choice.
Irrelevant amounts of so. Any driving school teaches using engine braking for increased fuel efficiency and decreased wear of brakes. Manual clutches still last for far longer than even high-end automatic ones.
There is absolutely nothing wrong with HTTP. You are supposed to verify signing keys after you download them anyway, regardless of your source and tranfer method. Yes, that may often be hard, or nearly impossible. WOT…
MIT GPG keys are unverified. HTTPS would only add a false sense of security - you are supposed to verify the keys after you download them (yes, it's not easy, depending on how much verification you require).
But surely you must trust your SSH client, and thus its developers.
Surely it does. Did you think GETs are transferred before the encrypted connection is established?