Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
LodeMike@lemmy.today 3 weeks agoThere’s zero cryptographic reason to have a signed date at that point.
Comment on Google's plan to restrict sideloading on Android has a potential escape hatch for users
LodeMike@lemmy.today 3 weeks agoThere’s zero cryptographic reason to have a signed date at that point.
Zak@lemmy.world 3 weeks ago
Which nullifies the point of certificates having an expiration date (limited window for exploiting a compromised certificate, possibility of domains changing hands), not the point of validating the signature (tie responsibility for apps to who owned a domain on a specific date, allow third parties to create blacklists of bad developers).