On 04.12.2016 at 05:37, Maxwell Anselm via arch-general wrote:
>>
>> You mean the source files that you downloaded and then hashed...
>>
>
> Yes. If the source files are being modified via a MITM attack (which is
> trivial if the host uses HTTP) the checksum is still useful.
>

The checksum that was created by you after downloading the compromised source file. I don't see how that is useful. The checksum will always be correct and validate nothing.