> Why go to all this troubble? Just post MD5 sums on the web page of the > various distributions.
I'm thinking of users in countries which censor Internet usage, have no access to the Freenet site at SourceForge and hence, need to download Freenet from mirror sites. In this case, signed code would increase trust in a Freenet distribution. The proposed MD5 hash does not protect against an "attack" where an evil party puts a modified JAR on its "mirror", which could present an valid hash for the modified code. Karsten _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
