…of a file’s SHA256 fingerprint? If I have my terminology correct here…

  • Matt@netmonkey.tech
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Depends on the context, I think. For me, I rarely do it for personal stuff. If I wanted to be perfect, I could do it, assuming a signature is available to verify, but I’m lazy. I would venture to say most folks don’t do it either.

    With that being said, where I have been consistent about doing it has been writing config management code at work. If I need to have it download an installer from an untrusted source, I can verify that I’m installing the same package on all servers by verifying the signature before installation. This doesn’t always work well in all circumstances, though.

    • state_electrician@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      That’s interesting and it’s the same for me. But I just started wondering why we apply higher standards at work, when the effects for our personal stuff really affect us as individuals.