alt Hacker NewsWhere is that mirror linked from? If for the HTTP site that’s no better than downloading it from the website in the first place.
> for extra high security,
No, sending the hash on a mailing list and delivering downloads over https is the _bare minimum_ of security in this day and age.
You can use this site https://distro.ibiblio.org/tinycorelinux/downloads.html
And all the files are here https://distro.ibiblio.org/tinycorelinux/16.x/x86/release/
I posted that above in this thread.
I will add that most places, forums, sites don’t deliver the hash OOB. Unless you mean like GPG but that would have came from same site. For example if you download a Packer plugin from GitHub, files and hash all comes from same site.