On Tue, Jun 11, 2013 at 11:48 AM, Rob Weir <robw...@apache.org> wrote:
> On Tue, Jun 11, 2013 at 11:39 AM, Donald Whytock <dwhyt...@apache.org> > wrote: > > On Tue, Jun 11, 2013 at 11:33 AM, Rob Weir <robw...@apache.org> wrote: > > > >> On Tue, Jun 11, 2013 at 11:03 AM, Donald Whytock <dwhyt...@apache.org> > >> wrote: > >> > Okay, got it now. Under the circs, then, do you still want it > proofed? > >> > > >> > >> At this point, looking more for content/message review. Does this > >> answer the questions that we are receiving? Any additional points we > >> should make? > >> > > > > Checksum verification, perhaps? Apache does not warrant or guarantee > > anything Not Invented Here, so to make certain your purchased copy is > > correct you can follow the steps linked <here>? > > That's an important one. Unfortunately getting someone (non-Linux > user) to install an MD5 checksum tool is non-trivial and as such will > tend not to be done. > > Something I've wondered ... Is it possible at all to implement a > checksum calculator that runs locally in Javascript? The tool would > ask the user to browse for their download, calc the checksum, and > then, based on the filename, retrieve the expected checksum from the > website and compare the two. Until we make it as easy as that I think > end-users will never do it. > I like that. Since all Apache downloads I've seen have MD5 keys, this seems like something that would be useful foundation-wide. An Infra request/suggestion?
