Which is served from the same insecure domain. If the download is compromised you should assume the hash from here is too.
There is a secure domain to download from as a mirror. For extra high security, the hash should be delivered OOB, like on a mailing list, but it isn’t.
An integrity check is better than nothing, but yes it says nothing about its authenticity.
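
The point made in this thread, as an added example that is not part of any commenter's post: a hash fetched from the same origin as the file still matches after that origin is compromised, while a digest pinned from a separate channel does not. The sample file contents, function names and the pinned digest are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, expected_hex: str) -> bool:
    """Compare the SHA-256 of data with an expected hex digest in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


# Constructed sample data: a genuine release and a tampered replacement.
GENUINE = b"release-1.0 contents (constructed sample)\n"
TAMPERED = b"release-1.0 contents + modification (constructed sample)\n"

# Assumption: the publisher announced this digest out of band (for example
# on a mailing list) and the user pinned it before downloading.
PINNED_OOB_DIGEST = sha256_hex(GENUINE)


def fetch_from_download_site(compromised: bool):
    """Model the download origin: whoever controls it serves both the file
    and the hash published next to it, so the two always agree."""
    body = TAMPERED if compromised else GENUINE
    return body, sha256_hex(body)


def check_both_ways(compromised: bool) -> dict:
    body, same_origin_digest = fetch_from_download_site(compromised)
    return {
        # Integrity only: detects corruption in transit, not substitution.
        "same_origin_check": verify(body, same_origin_digest),
        # Authenticity depends on the channel the digest arrived through.
        "out_of_band_check": verify(body, PINNED_OOB_DIGEST),
    }


if __name__ == "__main__":
    for state in (False, True):
        label = "compromised origin" if state else "clean origin"
        print(label, check_both_ways(state))
```
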