How to: Verify Github downloads? (sopuli.xyz)

submitted 1 month ago by theorangeninja@sopuli.xyz to c/linux4noobs@programming.dev

6 comments fedilink hide all child comments

So I run Linux for a bit now but I am still not fully confident with downloading "random" Appimages or .tar archives (I don't even know how to run/compile the archives but that is another problem lol) from Github or something.

I try to verify the hashes or GPG signatures for all the programs but not every developer provides a latest.yml.

I revently noticed sometimes Github shows a sha256 sum next to the files in the release tab but not in every repo and is this just a second layer or is this a substitution for the latest.yml?

Is there something I am missing or should I not worry too much when using Appimages or Flatpaks because they are sandboxed anyways?

you are viewing a single comment's thread
view the rest of the comments

[-] Auster@thebrainbin.org 4 points 1 month ago

Hash, as anamethatisnt said, is just to confirm nothing's corrupted.

Without knowing how to read code, best you can do is check the issues section, the number of "stars" in the repo (similar to likes), if the AppImage is provided by someone other than the original author (common when the original project doesn't include an AppImage), and other indirect signs.

If you know a bit of troubleshooting, not to be confused with knowing how to code, you could also download the AppImage to a virtual machine, cut all direct communications of the virtual machine to the internet and to the host machine, and unpack the AppImage to see if any files are amiss.

Alternatively, but that also requiring some knowledge of troubleshooting, you could ask a LLM to make an "AppImage recipe" for the program you want and it should explain step by step how to make the needed AppImage. And troubleshooting comes into play because you better check at each step if it isn't hallucinating or linking you to shady sites (latter extremely rare in my experience but better than to trust blindly).

this post was submitted on 20 Apr 2026

19 points (100.0% liked)

linux4noobs

3208 readers

27 users here now

linux4noobs

Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.

Seeking Support?

Mention your Linux distro and relevant system details.
Describe what you've tried so far.
Share your solution even if you found it yourself.
Do not delete your post. This allows other people to see possible solutions if they have a similar problem.
Properly format any scripts, code, logs, or error messages.
Be mindful to omit any sensitive information such as usernames, passwords, IP addresses, etc.

Community Rules

Keep discussions respectful and amiable. This community is a space where individuals may freely inquire, exchange thoughts, express viewpoints, and extend help without encountering belittlement. We were all a noob at one point. Differing opinions and ideas is a normal part of discourse, but it must remain civil. Offenders will be warned and/or removed.
Posts must be Linux oriented
Spam or affiliate links will not be tolerated.

founded 2 years ago

MODERATORS

PlutoParty@programming.dev