Re: [sage-devel] Re: Possibly insecure verification of sage source downloaded from a mirror

2025-02-12 Thread Michael Orlitzky
On 2025-02-12 10:22:14, Nils Bruin wrote:
> In my opinion, this problem is commonly solved nowadays by curated software
> distributions (through stores, trusted package repositories, etc.) with
> keys that are predistributed with the operating system used. The integrity
> control is then offload

[sage-devel] Re: Possibly insecure verification of sage source downloaded from a mirror

2025-02-12 Thread Nils Bruin
On Tuesday, 11 February 2025 at 23:15:10 UTC-8 Georgi Guninski wrote:

On the mirror I see:

sage-10.5.tar.gz torrent 1535.20 MB 2024-12-04 00:28 MD5: 83dab794f87e989a30e248f3b39c40db

There are several potential issues with this:

1. If the mirror is compromised or MITM'ed, it could provide wh