On Wed, 2006-02-15 at 09:51 +0000, Philip Hazel wrote:
> The point of the MD5 checksum is to ensure that the distribution has not
> been tampered with. If somebody breaks in to the FTP site and tampers
> with the distribution, they could just as easily tamper with the
> checksum.
Add a gpg signature to the MD5 sums file (text inline type). Of course
if people are not looking at the detached signature file then they are
unlikely to check the authenticity of that file.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]