Hacker News new | past | comments | ask | show | jobs | submit login

I don't see much value in published file hashes when they're hosted on the same site that hosts the files. If someone compromises the download link they're probably in a good position to update the hashes too.



The purpose of the hashes isn't to prove the file hasn't been tampered with, its confirm that the file wasn't corrupted during download.


Then just use checksum instead of an obsolete cryptographic hash.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: