Hi, On Tue, Dec 16, 2014 at 5:10 PM, Erik de Bruin <e...@ixsoftware.nl> wrote: > ...Can't we make MD5 checking optional in the installer?...
>From a general Apache point of view, encouraging people to download binaries without verifying them is very bad. Giving people the option to shoot themselves in the foot can be ok, as long as they are adequately warned - so I'd much prefer that you guys leave the checks turned on by default, and provide a way to disable them if you want. BTW md5 cannot be considered safe anymore - there's a nice illustration of that at http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html -Bertrand
