checksums are overrated. they're usually supplied next to the same bytes that they're protecting, so anything that can modify one can modify the other.
gpg signatures, checksums published on nostr – those are okay
Login to reply
Replies (1)
I agree re: pgp sigs but getting normies to do so? Blasphemy.