Friday, 20 February 2015

Should I verify installer file PGP hash?



Let's say that I'll download an installer for a program on Windows and the publisher has released PGP Signature for the file.


The installer file does not have any code signing certificates.


If I connect to the publisher's website with https and check that the URL is correct, do you think I should still verify the hash?


From what I understand, the purpose of this is to make sure that the download was not intercepted by a third party and to make sure that I downloaded the correct file.


Is that still a threat even if I connect with https and check the URL?




