[OT] Signed download from sourceforge

To: Debian User List <debian-user@lists.debian.org>
Subject: [OT] Signed download from sourceforge
From: Dan <ganchya@gmail.com>
Date: Thu, 15 Sep 2011 20:01:08 -0400
Message-id: <[🔎] CAK00fOLPsqKHYUotQfagntqGFLK6X=mdg=Yw9zxyPmLYUxsUOw@mail.gmail.com>

Hi,

I was wondering how to download a binary in a secured way from sourceforge.

With debian it is very straightforward, you download it, check the
md5sum or sha1 and then check the signature.

In sourceforge I see that you can find the md5 and the sha1 but they
are both transmited with http and not with https. So, How can I trust
the source? Do I miss something? Someone can hack the router (for
example)

For example if you want to download rEFIT:
http://sourceforge.net/projects/refit/files/rEFIt/0.14/

Cheers,
Dan

Reply to:

Follow-Ups:
- Re: [OT] Signed download from sourceforge
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: Worst Admin Mistake? was --> Re: /usr broken, will the machine reboot ?
Next by Date: Re: Encoder for linux
Previous by thread: Re: nvidia driver strangeness
Next by thread: Re: [OT] Signed download from sourceforge
Index(es):
- Date
- Thread