Posts by kaisti


    The problem is that the checksum is also provided over http, so that could easily be changes in a man-in-the-middle attack.

    The only way around this that some of it, preferable all, is serviced over https.

    All the download links on the download page downloads – LibreELEC is pointing to http and not https.

    This open up for man-in-the-middle attack.

    So how can I now or check if what I download is genuine LibreELEC software and not some malicious version?

    It down find any PGP signature or any hashes of the software.