Hi, I was wondering how to download a binary in a secured way from sourceforge.
With debian it is very straightforward, you download it, check the md5sum or sha1 and then check the signature. In sourceforge I see that you can find the md5 and the sha1 but they are both transmited with http and not with https. So, How can I trust the source? Do I miss something? Someone can hack the router (for example) For example if you want to download rEFIT: http://sourceforge.net/projects/refit/files/rEFIt/0.14/ Cheers, Dan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAK00fOLPsqKHYUotQfagntqGFLK6X=mdg=yw9zxypmlyuxs...@mail.gmail.com
