Linux distributions ship artifacts from building open source projects, often they’re even built in a deterministic way so that third parties can verify that they haven’t been tampered with.
Closed binaries tend to come from corporations and are often full of nasty things, wether the hash verifies or not isn’t the problem.
Closed binaries tend to come from corporations and are often full of nasty things, wether the hash verifies or not isn’t the problem.