[OT] Signed download from sourceforge
Hi,
I was wondering how to download a binary in a secured way from sourceforge.
With debian it is very straightforward, you download it, check the
md5sum or sha1 and then check the signature.
In sourceforge I see that you can find the md5 and the sha1 but they
are both transmited with http and not with https. So, How can I trust
the source? Do I miss something? Someone can hack the router (for
example)
For example if you want to download rEFIT:
http://sourceforge.net/projects/refit/files/rEFIt/0.14/
Cheers,
Dan
Reply to: