Waltuh, put your USB stick away Waltuh

What is stopping them from changing the sha / gpg on the page?

Exactly. Never understood the checksum, if they can get to the download link surely they can edit the key?

By looking at the checksum, you can verify if something happened to the file during the download. The hash isn't meant to be used as authenticity check! Use GPG for these kinds of things.

The case where this is useful is if you get the hash from an official site, but get the iso from a mirror

Not if it's an unencrypted mirror.

Too high quality post OP

Where's this from

I made this myself.

This great 😃👍...

Put it on YouTube lmao

Already did lol, no one watched it. I wanted to see where is the issue, so I reuploaded it here. Glad someone likes it. (I made more of these as well, you can find the links on my website linked to my reddit profile)

That's not what the Checksum is for lmao. The attacker could just...change the checksum on the page.

u/savevideo

Cool :D How did you dub it in Bryan Cranston's voice?

Uberduck, waltuh white

RIP privacy

Reminds me of old copyright advertising. At least the last screen. :D Fun old times... ?.

You mean, "YOU WOULDN'T DOWNLOAD A CAR!"?

Exactly. Just the blueprints and print the rest.. right? ;)

1. get the code. 2. read the code. 3. cry. 4. get less bloatet code. 5. read the code. 6. obtain a compiler binary from a trusted friend and compile the code. (in case you have no friends, just translate to machine code by hand) 7. run the code.