Downloading files on your device still exposes a major security risk and can ultimately lead to an entire system compromise by an attacker. Especially because the security risks are ...
If you got the checksum via a different channel or if it’s signed with a key you’ve got from elsewhere. (ideally, or just TOFU) Otherwise you’re still “only” trusting the https connection.
If you got the checksum via a different channel or if it’s signed with a key you’ve got from elsewhere. (ideally, or just TOFU) Otherwise you’re still “only” trusting the https connection.