zlacker

[parent] [thread] 2 comments
1. firest+(OP)[view] [source] 2025-12-06 15:46:35
There is a secure domain to download from as a mirror. For extra high security, the hash should be delivered OOB like on a mailing list but it isn’t
replies(1): >>maccar+ej
2. maccar+ej[view] [source] 2025-12-06 18:22:40
>>firest+(OP)
Where is that mirror linked from? If for the HTTP site that’s no better than downloading it from the website in the first place.

> for extra high security,

No, sending the hash on a mailing list and delivering downloads over https is the _bare minimum_ of security in this day and age.

replies(1): >>firest+JL
◧◩
3. firest+JL[view] [source] [discussion] 2025-12-06 22:29:51
>>maccar+ej
You can use this site https://distro.ibiblio.org/tinycorelinux/downloads.html

And all the files are here https://distro.ibiblio.org/tinycorelinux/16.x/x86/release/

I posted that above in this thread.

I will add that most places, forums, sites don’t deliver the hash OOB. Unless you mean like GPG but that would have came from same site. For example if you download a Packer plugin from GitHub, files and hash all comes from same site.

[go to top]