Am 04.12.2016 um 05:37 schrieb Maxwell Anselm via arch-general:
>>
>> You mean the source files that you downloaded and then hashed...
>>
> 
> Yes. If the source files are being modified via a MITM attack (which is
> trivial if the host uses HTTP) the checksum is still useful.
> 

The checksum that was created by zou after downloading the compromised
source file.

I don't see how that is useful. The checksum will always be correct and
validate nothing

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to