Currently to verify file integrity with the install script we download sidecar md5 file from yt-project.org. These aren't versioned, and md5 itself is largely deprecated for this.
I've created a new sha512-using version of the install script, which uses sha512 hashes stored in the install script to verify file integrity. This way any time these change we will be notified of them. I'd like it if a few people could test this -- I have -- on pristine systems. It changes both how the files are downloaded and it now uses sha512sum, which should be available on most systems (according to Kacper :).
You can do this by:
and then running it, but maybe supplying an alternate directory rather than the default.
Thanks for any feedback.