Hacker News new | past | comments | ask | show | jobs | submit login

Providing a checksum along with the binary singlehandedly solves your concerns, and you can add gpg signatures if you want.



A checksum can be falsified as easily as a binary, and so can a signature. Only if you participate in a web or trust are you theoretically better off... but most people don't, so all such measures do is give a false sense of security.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: