Inline Key Distribution

Means placing the key along side the archive (on the server)
Temptation for client to grab key there

Attack: compromise binary, upload fake key which verifies

Notable abusers: OpenSSH portable, SSH Communications, Cyrus, Gnuplot