reply on: Learn How to Verify with Me ( with Baby Steps ) \ stacker news ~bitcoin

111 sats \ 1 reply \ @ek 26 Mar \ parent \ on: Learn How to Verify with Me ( with Baby Steps ) bitcoin

There are multiple ways to verify the authenticity. Authenticity means here that we want to be sure this URL belongs to the homebrew devs that we already trust.¹

Ideally, we use all ways as @Natalia mentioned in her post:

ideally from independent sources, and from more sources, the more trusted.

a) check out the Homebrew organization to which this URL belongs to. Is this a legit org? Do they have many stars (which could be bought)? Much activity? No ticket or discussion that says "this is a scam"?

b) Visit the URL and read the code. No red flags like loading something from a totally different domain? (If you can't read code, learn how to read code.)

c) Verify it uses HTTPS. Probably the easiest way and one that people hopefully already do without thinking, so this is something you should ALWAYS do (assuming it's not already done by the software you use): just check if the URL starts with https://. This is important since TLS (HTTPS = HTTP + TLS) is not only about encryption (confidentiality) but also about integrity and authenticity, the "CIA triad":

Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the "CIA" triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.

-- wikipedia.org, Information security

Authentication basically means to verify you are who you say you are. Btw, even the HTTP spec got this wrong: it uses authorization for authentication. ↩

0 sats \ 0 replies \ @Natalia OP 26 Mar

Footnotes