Oddbean new post about | logout
falsefaucet | 3 months ago (raw) | root | parent | reply | flag +1 
 As with anything it's important to verify pgp signature when installing firmware and updates.

The only way you get hacked after doing that is if maintainers pgp is compromised.

Am I correct in my thinking. 
nostr:nevent1qqsp76e87v9cl8re47sljhn8ex9helc7nrry42t6sl3aywpqaz3wfyspzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctczyzgah2ulvfnqa9f9sjqd9uk07mw0mdgn729gt7j0k40wnya9k35qjqcyqqqqqqg8q5dza
Brisket | 3 months ago (raw) | root | parent | reply | flag +2 
 Yeah pretty much. The other threat is borrowing or lending your hardware & not reloading the firmware.
falsefaucet | 3 months ago (raw) | root | parent | reply | flag +1 
 Lending hardware?
Do ppl actually do that?
 Sorry homies. 
No one is borrowing my cold storage.
Brisket | 3 months ago (raw) | root | parent | reply | flag +1 
 Because the seed signer doesn't store the seed, it is more likely to shared.

I'm with you, I don't lend hardware that's been in contact with any of my private keys.
falsefaucet | 3 months ago (raw) | root | parent | reply | flag +2 
 I see, in this particular situation, considering the seedsigner is stateless, some people would feel okay with sharing it. 

Very good point. Thank your for explaining.