Whoever downloads and runs executables without a second channel for verifying their authenticity is fucked anyways, https or not :/
A lot of downloads do not make it easy to verify their checksums either, to verify the authenticity of the file, even if you’re downloading from a source that is credible.
So better show the checksum after downloading
If you got the checksum via a different channel, or if it’s signed with a key you’ve got from elsewhere (ideally, or just TOFU). Otherwise you’re still “only” trusting the https connection.
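The distinction drawn in the comment above, as an added example that is not part of the thread: a checksum served next to the file passes even when both were replaced, while one obtained through a second channel does not, and a TOFU pin only flags a later key change. All names, file contents and fingerprints are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path, chunk=1 << 16):
    """Stream the file so large downloads are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def matches(path, expected_hex):
    """Compare the file's digest with a checksum the caller already trusts."""
    return hmac.compare_digest(sha256_file(path), expected_hex.strip().lower())

def tofu_check(pin_file, publisher, key_fingerprint):
    """Trust on first use: pin the publisher's key fingerprint, flag any later change."""
    pins = {}
    if os.path.exists(pin_file):
        with open(pin_file) as f:
            pins = json.load(f)
    if publisher not in pins:
        pins[publisher] = key_fingerprint
        with open(pin_file, "w") as f:
            json.dump(pins, f)
        return "pinned-first-use"
    return "match" if hmac.compare_digest(pins[publisher], key_fingerprint) else "MISMATCH"

def demo():
    """Constructed scenario: the download channel serves a modified file and a matching checksum."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "tool.bin")
    genuine = b"genuine release bytes"   # constructed sample content
    served = b"modified release bytes"   # what the untrusted channel delivers
    with open(path, "wb") as f:
        f.write(served)
    same_channel_sum = hashlib.sha256(served).hexdigest()   # published next to the file
    out_of_band_sum = hashlib.sha256(genuine).hexdigest()   # obtained via a second channel
    pin_file = os.path.join(workdir, "pins.json")
    return {
        "same_channel": matches(path, same_channel_sum),
        "out_of_band": matches(path, out_of_band_sum),
        "tofu": [tofu_check(pin_file, "example-publisher", fp)
                 for fp in ("AAAA1111", "AAAA1111", "BBBB2222")],  # constructed fingerprints
    }

if __name__ == "__main__":
    print(demo())
```

The first TOFU result is accepted without any verification, which is why the comment ranks it below a key obtained from elsewhere.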
I hate that Firefox on Android changes the extension to .bin when the original file doesn’t have one. I think it’s very stupid. Chrome is loyal to the source.