|
|
|
|
|
|
by hkolek
5137 days ago
|
|
|
Yeah but that is to check the file integrity, that's something entirely different. Anyone can calculate a CRC checksum for any garbage files they want, upload it and label it as a CORE release. There is no way to verify that the release is genuine. And if you temper with an authentic release, for example introduce some malware, you can simply recalculate the checksum itself. This would be impossible if the release would be cryptographically signed because you would need COREs private key to generate a valid signature. |
|
|