Why don't teams use checksums (md5 or sha1) on their releases?

Discussion in 'Lounge' started by Windows97, Jan 17, 2022.

  1. Windows97

    Thinking about this, I just realized that it could decrease downloads/views on the sister site; other mirrors could be used with no fear of byte manipulation/injection. Are there other negative things?

    The positive side is that releases that are aging and falling off the official mirrors can be verified if found in other places, keeping their trust; no DMCA will be enough.

    The digest (made by the md5 or sha1 algo) could be encrypted with a team private key and decrypted with a team public key (that anyone could have), using asymmetric encryption.

    Maybe it's a utopia, I don't have a clue if it could work. Do you have an opinion?
     
  3. demberto

    That is smart, since a plain-text md5 / sha1 can itself be changed as well, making it useless.

    R2R has a certificate system: if you have installed the certificate, all legit R2R releases (except the exceptions which they mentioned in their NFO) will show up as from a "trusted" source when the installer is opened asking for admin rights on Windows.

    VR encrypts its installers and uses its own version of Inno Setup. I never saw a VR keygen. They patch the binary directly. So it's impossible for anybody to directly patch the setup unless he knows how to unpack the VR setup. Someone with decent RE knowledge can probably do it tho.
     
    • Interesting x 1
  4. Windows97

    I missed this release but found it now on the sister site; a lot better than my idea, thanks!
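
The signed-digest idea from the first post, together with the reply's point that a plain-text checksum can be replaced along with the file, as an added example that is not part of the thread or of any team's tooling. It assumes SHA-256 and Ed25519 signatures in place of the md5/sha1 and asymmetric encryption mentioned above; the function names and sample data are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// digestHex is the plain checksum a mirror would publish beside the file.
func digestHex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// signRelease is the publisher's step: sign the digest with the private key.
func signRelease(priv ed25519.PrivateKey, data []byte) []byte {
	sum := sha256.Sum256(data)
	return ed25519.Sign(priv, sum[:])
}

// verifyRelease is the downloader's step; it needs only the public key.
func verifyRelease(pub ed25519.PublicKey, data, sig []byte) bool {
	sum := sha256.Sum256(data)
	return ed25519.Verify(pub, sum[:], sig)
}

// mirrorScenario runs the tampered-mirror case on constructed sample data and
// reports which checks accept which file.
func mirrorScenario() (plainOK, sigOrigOK, sigTamperedOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	original := []byte("constructed sample release contents v1.0")
	sig := signRelease(priv, original) // published once by the key holder
	// The mirror alters the file and regenerates the checksum next to it.
	tampered := append(append([]byte{}, original...), " + injected bytes"...)
	mirrorChecksum := digestHex(tampered)
	plainOK = digestHex(tampered) == mirrorChecksum // passes: both come from the mirror
	return plainOK, verifyRelease(pub, original, sig), verifyRelease(pub, tampered, sig)
}

func main() {
	p, o, t := mirrorScenario()
	fmt.Println("plain checksum accepts tampered:", p, "| sig accepts original:", o, "| sig accepts tampered:", t)
}
```

The signature only helps if the public key reaches the downloader through a channel the mirror does not control.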
     