The problem with this of course is that you need to trust a third party: The
Internet Archive. Unless you have some checksums of binaries or - much better
of course - the Tor developer's PGP keys. If you have some way of verifying
what you download, this circumvention method might be a good idea. But if not,
it's a little bit risky. Especially since the Internet Archive's webserver
does not enforce HTTPS. That's one more way to screw up and get
man-in-the-middle attacked.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
