Thank you for your quick response.
I'm not convinced by your arguements yet. I comment in between.
On 08/12/13 04:13, Francisco Ruiz wrote:
In your message, you wrote:
1. I have to *run* it to get the hash of the application from the help
page. That is already a leap of faith to run
In your message, you wrote:
1. I have to *run* it to get the hash of the application from the help
page. That is already a leap of faith to run unverified code.
Good point. A counterfeit copy of the page might lead to a different
server, and the help page thus obtained would display a different
