Will pip2 install verify the checksum of the downloaded file with a satisfying degree of security. One thing I could hope for is verifying the asc signature and that it is signed by trusted root certificate.
When installing like: sudo -H pip2 install
https://download.electrum.org/2.8.3/Electrum-2.8.3.tar.gzI found some info on how to verify the asc signature, like below, but is this necessary or already done by pip2 or the python setup script?
gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6
gpg --fingerprint
gpg --verify Electrum-2.8.3.tar.gz.asc
Best Alex
PS: Signature verification thread:
https://bitcointalk.org/index.php?topic=1046484.0