Bullshit. The public key can be obtained by several easy means, like visiting th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		brabel 22 days ago \| parent \| context \| favorite \| on: GitLab discovers widespread NPM supply chain attac... Bullshit. The public key can be obtained by several easy means, like visiting the publisher website or social network site like GitHub which is common. That verifies the identity just as well as any certificate! But with much less trouble.

gruez 21 days ago [–]

How are you still missing the "real identity" part? A bitcoin address might be easily verifiable, but isn't anyone's idea of "real identity".

brabel 21 days ago | [–]

Real identity is impossible to establish beyond any doubt, and a certificate is no better than a key on a website, in fact it's essentially the exact same thing.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact