Hacker News new | ask | show | jobs
by hattmall 1138 days ago
But not on the official page, right? And there's nothing stopping someone from doing that now is there? I don't see how the original authors providing binaries is less secure than anything else.
2 comments
pmoriarty 1137 days ago
The official page can be hacked, and both malware and md5 of the malware can be placed there.

That's the whole point of using a cryptographic signature backed by a web of trust instead of a mere hash.

link
robertlagrant 1136 days ago
Where would the hash be advertised?
link
thdespou 1137 days ago
Yeah but still hackers can abuse SEO and direct visits to their pages. If you are not careful you might accidentally download a malicious binary.
link