Comment Re:easy workaround (Score 1) 512
The MD5 sum is only protecting against transmission errors and other accidental data corruption. It is NOT a protection against intentional modifications. It is simply too weak for this. To think a binary is not modified only since the MD5 sum is correct is simply a very stupid assumption to make.
If you want that kind of security, why not demand a gpg-signed binary?
The truth is not one of the Linux distros, AFAIK, do this yet in full scale, and you sometimes are lucky even to get a hash at all.
If you want that kind of security, why not demand a gpg-signed binary?
The truth is not one of the Linux distros, AFAIK, do this yet in full scale, and you sometimes are lucky even to get a hash at all.
