Hacker News new | ask | show | jobs
by pmoriarty 1137 days ago
The official page can be hacked, and both malware and md5 of the malware can be placed there.

That's the whole point of using a cryptographic signature backed by a web of trust instead of a mere hash.
1 comments
robertlagrant 1136 days ago
Where would the hash be advertised?
link