The website http://co10esc.anzp.de is only available over insecure HTTP, and there is currently no way to download the latest pre-packed mission files in a way that guarantees file authenticity and integrity. Theoretically, a malicious third party could manipulate the downloads to contain malware.
Could you add a TLS certificate to the website so that the packed mission files could be downloaded securely over HTTPS? Let's Encrypt offers free TLS certificates and provides an easy method of getting one.
If enabling HTTPS is infeasible for some reason, you could alternatively compute and publish SHA256 cryptographic hashes for the mission zip files. Users can then hash the downloaded mission zip file and check that the user-computed hash matches the expected hash. These hashes can be computed with the Get-FileHash powershell cmdlet on Windows and with the sha256sum utility on Linux.
Note that these expected hashes should be computed on known-good mission zip files and published in a secure way to be useful at all. For example, first downloading the mission files from http://co10esc.anzp.de over insecure HTTP and then using those files to compute the expected hashes, or publishing the expected hash values on the same HTTP-only website next to the mission files would defeat the purpose of hashing.
A decent option could be to compute the hashes on the same device right after compiling the mission, and then publish the hashes in the Bohemia forum thread (which uses HTTPS) with a well-known user account of one of the mission developers.
The website http://co10esc.anzp.de is only available over insecure HTTP, and there is currently no way to download the latest pre-packed mission files in a way that guarantees file authenticity and integrity. Theoretically, a malicious third party could manipulate the downloads to contain malware.
Could you add a TLS certificate to the website so that the packed mission files could be downloaded securely over HTTPS? Let's Encrypt offers free TLS certificates and provides an easy method of getting one.
If enabling HTTPS is infeasible for some reason, you could alternatively compute and publish SHA256 cryptographic hashes for the mission zip files. Users can then hash the downloaded mission zip file and check that the user-computed hash matches the expected hash. These hashes can be computed with the Get-FileHash powershell cmdlet on Windows and with the sha256sum utility on Linux.
Note that these expected hashes should be computed on known-good mission zip files and published in a secure way to be useful at all. For example, first downloading the mission files from http://co10esc.anzp.de over insecure HTTP and then using those files to compute the expected hashes, or publishing the expected hash values on the same HTTP-only website next to the mission files would defeat the purpose of hashing.
A decent option could be to compute the hashes on the same device right after compiling the mission, and then publish the hashes in the Bohemia forum thread (which uses HTTPS) with a well-known user account of one of the mission developers.