WimpyWoodchuck@feddit.detoOpen Source@lemmy.ml•Microsoft is censoring criticism on their new open source project
6·
2 years agoThis article is from 2020.
This article is from 2020.
This is a good question and a valid concern. However, I wonder if the app really makes in worse then it’s already is. GitHub has no way to share checksums with the builds. The only way to do that is to upload a checksum file alongside the binary. But if an attacker is able to upload/replace a malicious binary, they would be able to replace its checksum file as well. So you wouldn’t be able to recognize this anyway, even when downloading it GitHub, would you?
It’s also well known that so called anti-virus software is doing crazy shit on your machine and is actually opening it up for many exploits.