Hi guys,
I was wondering how you verify the downloads you make from here and other similar sites.
Any potential malware would surely not be bundled with the zip/rar files themselves but load them from external sources.
One idea I had for updating a site was creating diff files between versions of the plugins provided here and use these to update the site. This follows the assumption, that a malware distributor would keep their method of injecting the bad code, so in a diff they would not show up.
Another idea I had was comparing the download from two dodgy sites and seeing if they match. If they were provided by malicious actors, I would assume that they each modify the files in their own best interest.
I would not use any of these files in production anyways, but even for experimenting I would rather not expose myself to that risk.
Looking forward to your replies.
I was wondering how you verify the downloads you make from here and other similar sites.
Any potential malware would surely not be bundled with the zip/rar files themselves but load them from external sources.
One idea I had for updating a site was creating diff files between versions of the plugins provided here and use these to update the site. This follows the assumption, that a malware distributor would keep their method of injecting the bad code, so in a diff they would not show up.
Another idea I had was comparing the download from two dodgy sites and seeing if they match. If they were provided by malicious actors, I would assume that they each modify the files in their own best interest.
I would not use any of these files in production anyways, but even for experimenting I would rather not expose myself to that risk.
Looking forward to your replies.