On Thu, 6 Nov 2003, Adam R. B. Jack wrote:
> > One exception could be if the automated process were to also grab the md5
> > (or pgp, but that would be more complicated) from apache.org and verify
> > the file's integrity.
> I think this should be assumed as a minimum. Given this, would you be
> comfortable? [I see 'could be'.]
That would satisfy me. Some other people seem to have some ideas about
md5 being useless and pgp being the panecia. I've explained before why I
don't buy that.