3 Dec
2016
3 Dec
'16
8:37 p.m.
You mean the source files that you downloaded and then hashed...
Yes. If the source files are being modified via a MITM attack (which is trivial if the host uses HTTP) the checksum is still useful.