On Thu, 6 Nov 2003, Adam R. B. Jack wrote: > > One exception could be if the automated process were to also grab the md5 > > (or pgp, but that would be more complicated) from apache.org and verify > > the file's integrity. > > I think this should be assumed as a minimum. Given this, would you be > comfortable? [I see 'could be'.]
That would satisfy me. Some other people seem to have some ideas about md5 being useless and pgp being the panecia. I've explained before why I don't buy that. Joshua.
