logoalt Hacker News

hypeateiyesterday at 3:07 PM4 repliesview on HN

The site doesn't have HTTPS and there doesn't seem to be any mention of signatures on the downloads page. Any way to check it hasn't been MITM'd?

Replies

lysaceyesterday at 3:14 PM

Ideas to decrease risk of MITM:

Download from at least one more location (like some AWS/GCP instance) and checksum.

Download from the Internet Archive and checksum:

https://web.archive.org/web/20250000000000*/http://www.tinyc...

firesteelrainyesterday at 3:13 PM

Not foolproof. Could compute MD5 or SHA256 after downloading.

show 1 reply
throwaway984393yesterday at 3:59 PM

Because there's big demand to mitm users of an extremely small and limited distribution from 2008?

show 1 reply