Comment by 1970-01-01
2 months ago
You almost had a great point here. If he began every blog rant with BEGIN PGP SIGNED MESSAGE and included a digital key somewhere secure, somewhere that I could go and verify, just Debian does with updates, I maybe could tolerate the cleartext. But he clearly didn't (pun alert!)
Pardon; your threat model includes someone MITMing Greg's site to misrepresent what the blog article says?
... But you'll happily go to a forum site such as HN to discuss the post?
https://apps.lansa.com/LearnLANSAWebMobile/index.html#!Docum...
XSS is real threat that everyone like you missed.
> The content is not shown because JavaScript is disabled.
Two can play the luddite game.