- Debian provides SHA-512 checksums of those ISO images
- the checksums are signed cryptographically
- web server is not the only distribution point
- Debian packages are distributed signed, so once you have your OS installer somehow verified, you're much safer than with Homebrew
Granted, SHA-512 checksums and their GPG signatures are not exposed very
prominently on Debian's homepage. You need to go to the listing of directory
with ISO instead of clicking "download ISO" direct link.
- Debian provides SHA-512 checksums of those ISO images
- the checksums are signed cryptographically
- web server is not the only distribution point
- Debian packages are distributed signed, so once you have your OS installer somehow verified, you're much safer than with Homebrew
Granted, SHA-512 checksums and their GPG signatures are not exposed very prominently on Debian's homepage. You need to go to the listing of directory with ISO instead of clicking "download ISO" direct link.