> One exception could be if the automated process were to also grab the md5
> (or pgp, but that would be more complicated) from apache.org and verify
> the file's integrity.

I think this should be assumed as a minimum. Given this, would you be
comfortable? [I see 'could be'.]



Reply via email to