4 Dec
2016
4 Dec
'16
4:37 a.m.
You mean the source files that you downloaded and then hashed...
Yes. If the source files are being modified via a MITM attack (which is trivial if the host uses HTTP) the checksum is still useful.