by Kenji 3321 days ago
Use a packet manager like apt to download and install your software. I think there are also packet managers for Mac OS and Windows.

I definitely agree with this advice in general, but as it so happens, users who installed HandBrake via Homebrew (a package manager for macOS) were affected by this too because the hash for the latest version of HandBrake was changed to the infected version[1]. Still, package managers definitely make it harder for the attacker in most cases.

[1]: https://github.com/caskroom/homebrew-cask/pull/33354

Wow, that's a strangely aggressive reply from one of the contributors on that thread. And then he said:

> 99% of the time these hash changes are innocent

That's actually not very good at all and proves they shouldn't just trust hash changes! Very odd.
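
A review-side check for the situation discussed in this thread, a cask whose `sha256` changes while its `version` stays the same. This is an added example, not code from the thread or from the Homebrew project. The cask name, digests and the "hold for manual verification" policy are constructed assumptions.

```python
import re

# Matches quoted `version` and `sha256` stanzas in Homebrew Cask source text.
_FIELD = re.compile(r"""^\s*(version|sha256)\s+['"]([^'"]+)['"]""", re.MULTILINE)
_HEX64 = re.compile(r"[0-9a-f]{64}")


def cask_fields(text):
    """Return {'version': ..., 'sha256': ...} parsed from cask source text."""
    fields = {}
    for name, value in _FIELD.findall(text):
        fields.setdefault(name, value)  # first stanza of each kind wins
    missing = {"version", "sha256"} - fields.keys()
    if missing:
        raise ValueError(f"cask is missing stanza(s): {sorted(missing)}")
    return fields


def classify_update(old_text, new_text):
    """Classify a proposed cask edit as 'unchanged', 'ok', 'hold' or 'reject'."""
    old, new = cask_fields(old_text), cask_fields(new_text)
    if not _HEX64.fullmatch(new["sha256"]):
        return "reject"      # not a well-formed SHA-256 digest
    if old["sha256"] == new["sha256"]:
        return "unchanged"   # the pinned artifact did not change
    if old["version"] == new["version"]:
        # Same release, different bytes: upstream re-published the file or the
        # download was tampered with. The diff alone cannot tell which, so the
        # new digest needs confirmation through a separate channel.
        return "hold"
    return "ok"              # new release with a new digest


def _cask(version, digest):
    # Constructed sample cask; 'example-app' is a hypothetical name.
    return f"cask 'example-app' do\n  version '{version}'\n  sha256 '{digest}'\nend\n"


OLD = _cask("1.0.0", "a" * 64)        # constructed digests, not real hashes
HASH_ONLY = _cask("1.0.0", "b" * 64)  # same version, different digest
NEW_RELEASE = _cask("1.0.1", "c" * 64)
MALFORMED = _cask("1.0.1", "xyz")

if __name__ == "__main__":
    for label, new in [("hash-only", HASH_ONLY), ("new release", NEW_RELEASE)]:
        print(label, "->", classify_update(OLD, new))
```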