[OT] Signed download from sourceforge
I was wondering how to download a binary in a secured way from sourceforge.
With debian it is very straightforward, you download it, check the
md5sum or sha1 and then check the signature.
In sourceforge I see that you can find the md5 and the sha1 but they
are both transmited with http and not with https. So, How can I trust
the source? Do I miss something? Someone can hack the router (for
For example if you want to download rEFIT: