Btw signatures is the thing I want to see as ordinals / on the blockchain. How can I trust the signature when it comes from the same site I download the software I want to verify?
The blockchain is on my node, always verified, always telling the truth.
we verify the signature using other sources on the web, that it was signed by the key we expect. that's how we verify.
ultimately youre right though theres some level of trust like, did you manufacture each processor and modem/interface in your device yourself? and even in some bizarre world where you did, can you trust the machine which manufactured them
asking questions, verifying, is great. more of it!
I was just wondering like for 20+ years 'wtf download link and literally next line checksum for verify -- I mean that's like "why would someone just corrupt one of these two and not both?" '
In the blockchain the checksum would have a verified date, it would be proven to be present at that day already, it could not be replaced by another (newer) version.
And I know, it basically spams Bitcoin, but we talk about security and Bitcoin is the most secure ledger in the solar system.