On 2013/09/12 00:55, Ville Valkonen wrote: > Not sure whether this is already proposed but here's my two cents: why > not to check SHA256 sums from the various mirrors and perform the > comparison? > > -- > Cheers, > Ville Valkonen >
How does this help prove that the files haven't been tampered with? If someone malicious is sitting close to you in your network path, they can just as easily pretend to be all the mirrors as they can pretend to be just one of them.
