If you download a tarball, you can google the sha256sum to see if at least Debian, a couple of mailing lists etc. have the same one. If your GPG signature is in your keychain, it's safer anyway. HTTPS by itself does not…
If you download a tarball, you can google the sha256sum to see if at least Debian, a couple of mailing lists etc. have the same one. If your GPG signature is in your keychain, it's safer anyway. HTTPS by itself does not…