Hacker News new | past | comments | ask | show | jobs | submit login

But not on the official page, right? And there's nothing stopping someone from doing that now is there? I don't see how the original authors providing binaries is less secure than anything else.



The official page can be hacked, and both malware and md5 of the malware can be placed there.

That's the whole point of using a cryptographic signature backed by a web of trust instead of a mere hash.


Where would the hash be advertised?


Yeah but still hackers can abuse SEO and direct visits to their pages. If you are not careful you might accidentally download a malicious binary.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: