|
|
|
|
|
|
by mfer
2312 days ago
|
|
|
If a hosting server is compromised the hash and download can be changed with something nefarious. crypto signing/verification will catch that case. hash checking will not. This is a legitimate case as it's happened to other projects in the past. |
|
|
FWIW the macOS pkg you download is signed.