…of a file’s SHA256 fingerprint? If I have my terminology correct here…
EDIT: thanks to all who replied. Maybe I should have written “what’s the easiest way to verify an apk file on an android phone?” Unfortunately, I guess I’m not smart enough to understand your answers 🙁
Depends on the context, I think. For me, I rarely do it for personal stuff. If I wanted to be perfect, I could do it, assuming a signature is available to verify, but I’m lazy. I would venture to say most folks don’t do it either.
With that being said, where I have been consistent about doing it has been writing config management code at work. If I need to have it download an installer from an untrusted source, I can verify that I’m installing the same package on all servers by verifying the signature before installation. This doesn’t always work well in all circumstances, though.
That’s interesting and it’s the same for me. But I just started wondering why we apply higher standards at work, when the effects for our personal stuff really affect us as individuals. Thinking about this further I think it’s the perceived threat level and probably we want to deliver good work.
Yes, I agree with you. I’m certainly willing to take more risks with my personal systems than my work systems. Plus, I don’t use any configuration management here at home, so everything I have is setup by hand and unique.