@butorzigzag @briankrebs It ensures that the executable you run is the same as the one the author released -- not one that was subsequently subtly altered (e.g. via MITM or maybe a later malicious repo upload)
@whereami @butorzigzag @briankrebs That's true, and if it's in your threat model, you'll want to wait for caches like Internet Archive or Google/Bing to check against
@dragonsidedd @butorzigzag @briankrebs no it doesn’t, because a threat actor who compromises the author’s website can change both the executable and the published hash
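
The cases raised in this thread, as an added example that is not part of any post: a download checked against the hash on the author's site, with and without a copy of that hash obtained through another channel (such as a cached page). The function names, verdict labels and sample bytes are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def assess(blob: bytes, site_hash: str, independent_hashes=()) -> str:
    """Classify a download against the hash listed on the author's site and
    against copies of that hash obtained through other channels."""
    actual = sha256_hex(blob)
    site = site_hash.strip().lower()
    if not hmac.compare_digest(actual, site):
        return "mismatch"                # file differs from what the site lists
    others = [h.strip().lower() for h in independent_hashes]
    if not others:
        return "match-single-source"     # only as trustworthy as the site itself
    if any(not hmac.compare_digest(site, h) for h in others):
        return "sources-disagree"        # site's hash differs from an older copy
    return "match-corroborated"


# Constructed sample data standing in for a release and an altered copy.
RELEASE = b"constructed sample: original release bytes"
ALTERED = b"constructed sample: altered release bytes"


def scenarios() -> dict:
    good, bad = sha256_hex(RELEASE), sha256_hex(ALTERED)
    return {
        # File changed in transit, site still lists the genuine hash.
        "altered_in_transit": assess(ALTERED, good),
        # Site compromised: file and listed hash replaced together.
        "site_replaced_both": assess(ALTERED, bad),
        # Same compromise, but a hash cached before it is also consulted.
        "site_replaced_both_with_cached_hash": assess(ALTERED, bad, [good]),
        # Nothing altered, cached hash agrees with the site.
        "untouched_with_cached_hash": assess(RELEASE, good, [good]),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```
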