On Tue, 11 Nov 2025 11:34:41 +0100 W. Kosior via Replicant wrote:
> Well, if you download the certificate file from [1], then your browser
> actually verifies the certificate chain used by the letsencrypt.org
> website.

But in the particular case, the web browser (on Replicant) does not have that certificate, i.e. it cannot verify the chain, right?

> [...] to verify that the mirror owner is not
> doing something nasty. However, when both the checksum and the file
> are served from the same server, the checksum brings little benefit.

What about integrity checks? Are those useless? Also why not put the checksums on different hosts too?
