[Rüdiger Kuhlmann] > In how far is > http://www.micq.org/binary/md5sums > http://www.micq.org/binary/md5sums.asc > not good enough? If the goal is to detect trojans in the source, the digital signature is only as good as the signer, and when the upstream author inserts the trojan, the signature is no use, as the signer is not to be trusted.