Hi. I just saw Daniel recommended we add checksums to our release. I admit it is very common but I fail to understand the purpose.
We add a checksum file showing e.g. MD5 for the zip, to make sure the zip is not manipulated....BUT If someone can change the content of the zip in the location, what is stopping them from also generating a new MD5. For a checksum to be effective (and likewise with the KEY) it needs to be stored in a different more safe place, so an offender would have to break 2 places. Please help me understand where my argument is wrong ? rgds jan i.
