[aweb]

The raspberry Pi 4 installation instructions for Aarch 64 say to download this tar file:
make_clickable_callback(MAGIC_URL_FULL, '
', 'http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-aarch64-latest.tar.gz', '', ' class="postlink"')

The tar file seems to include some very strange files. In particular, there are a bunch of hard links to `../../ca-certificates/extracted/cadir/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem` from places that should absolutely not be hard links to certificates, like `/usr/bin/newgidmap`. It's possible the file is just corrupt, or that the lack of https download link means I've been attacked on the network. But I did download from two completely different network locations, and the fact that the links are into the `ca-certificates` directory makes it seem very nefarious.

Is anyone else worried? Is there anywhere else to download the file?