> venom00 wrote: > > Well... But they didn't generate a fake certificate for lyx.org :P > > yet. P
To be honest I think that the last thing a malicious cracker would do, having the possibility to create trusted certificates, is using them for lyx.org. Private keys have not been compromised, they just signed some certificates without the proper authentication process. However if you prefer we can sign the files with PGP, something like Debian does with packages. One can then check the signature with a key distributed with the install package. No need for HTTPS. venom00
