I stopped at “secret” (yes, the occurrence in the title) :)
TBH the checksums are pretty useless for humans who download an .iso and install it… they are mainly for mirrors and similar that download files without using them
Yeah I think hashes in the same folder are only valuable as a check to make sure you downloaded the file successfully. Which isn’t a big issue for at least the around 80% of internet users who have access to broadband. They are only useful for security if the hash is on the website that you click on and then you download and verify it manually.
I stopped at “secret” (yes, the occurrence in the title) :)
TBH the checksums are pretty useless for humans who download an .iso and install it… they are mainly for mirrors and similar that download files without using them
Also: If someone manages to tamper with the downloadable ISO … they likely will be able to tamper with the signature files, too.
Yeah I think hashes in the same folder are only valuable as a check to make sure you downloaded the file successfully. Which isn’t a big issue for at least the around 80% of internet users who have access to broadband. They are only useful for security if the hash is on the website that you click on and then you download and verify it manually.