Hi all
i’m not a developer but i’m dealing with software code signing, and i have a question for you, not sure if it’s more a technical or
philosophical question.
I have signed my software with a superb EV code signing certificate, with company validation and everything.
I will make this file available for download on my website, and people who will download it will be sure it’s a good file.
A lot of websites they add MD5 checksum next to the download button. I wonder if this can be really useful. If an hacker gains access to my website, he might be able to load another file and at the same time modify checksum too… what do you think about that?
