SRE working in email. Gay. Married. Doggy daddy.

I like Star Trek, genealogy, O scale model trains, history, Pokemon, LEGO, coin collecting, books, music, board gaming, video gaming, camping, 420, and more.

Mastodon: @leopardboy@netmonkey.xyz

  • 6 Posts
  • 28 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle










  • Depends on the context, I think. For me, I rarely do it for personal stuff. If I wanted to be perfect, I could do it, assuming a signature is available to verify, but I’m lazy. I would venture to say most folks don’t do it either.

    With that being said, where I have been consistent about doing it has been writing config management code at work. If I need to have it download an installer from an untrusted source, I can verify that I’m installing the same package on all servers by verifying the signature before installation. This doesn’t always work well in all circumstances, though.