In light of what happened to the open source program HandBrake recently
(you can read all about this here: https://arstechnica.com/security/2017/0 ... or-instead)
(tl;dr: the official installer on an official mirror server got hacked and included a trojan. Btw, that trojan quits if it detects the presence of Little Snitch.)
How do I know the dmg file I download, even from the official Little Snitch website, is clean?
I can run codesign in Terminal, but that requires me to mount the dmg file... which I am a bit afraid of without first verifying the download is clean.
The developer of Little Snitch doesn't seem to publish any sort of hash values for their dmg file (at least I cannot find them).
So I ran shasum in Terminal and this is what I got for LittleSnitch-3.7.4.dmg, downloaded on 2017-5-13 from their website.
Is there anyone who can verify this is a clean dmg file? Thanks.