Conversation:
Notices
-
@nybill Unless it's signed qith their PpenPGP key (and you have a _trusted_ copy of their public key) I'd probably visit their official archive + a random mirror and check the SHA* sum which should be listed in some file. (and then do the same procedure with TorBrowser to compare, if you're paranoid someone is targeting your IP range or your browser's User Agent for example)
-
@nybill Just make sure you didn't download some dodgy ISO, given Linux Mint's history on server keeping!
-
@mmn OpenPGP .)