How will people know that the hash is trusted any more than the script they are executing? Hash validation is mostly useful if you are comparing the hash from a trusted source to a mirror or CDN object that may have been tampered with.<p>Is the premise that I validate the script works as executed with a known hash, then I link that same script to others, so it is really extending their trust of me vs. the site with the bash script?