www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: Summary
Date Thu, 02 Mar 2006 23:27:41 GMT
> I think Brett has a point. Keep the md5 and/or sha1 for simple download
> verification

They are absolutely worthless if you download them from anywhere other than
a trusted source, which excludes mirrors.

This is why Henk P. Penning is pushing for us to stop distributing MD5s, and
to require users to verify downloaded files against MD5s maintained here.
See his message
http://mail-archives.apache.org/mod_mbox/www-repository/200603.mbox/%3cPine.
GSO.4.44.0603020038260.7085-100000@castor.cs.uu.nl%3e

	--- Noel


Mime
View raw message