| ▲ | firesteelrain 6 hours ago | |
There is a secure domain to download from as a mirror. For extra high security, the hash should be delivered OOB like on a mailing list but it isn’t | ||
| ▲ | maccard 3 hours ago | parent [-] | |
Where is that mirror linked from? If for the HTTP site that’s no better than downloading it from the website in the first place. > for extra high security, No, sending the hash on a mailing list and delivering downloads over https is the _bare minimum_ of security in this day and age. | ||