On Thu, 6 Nov 2003, Adam R. B. Jack wrote:

> > One exception could be if the automated process were to also grab the md5
> > (or pgp, but that would be more complicated) from apache.org and verify
> > the file's integrity.
> I think this should be assumed as a minimum. Given this, would you be
> comfortable? [I see 'could be'.]

That would satisfy me.  Some other people seem to have some ideas about
md5 being useless and pgp being the panecia.  I've explained before why I
don't buy that.


Reply via email to