Manoj Srivastava wrote: > Before we make such a push, we should at least ensure that it > is something we really want to do. I think locally generated > checksums are a better solution. To me, the main use of md5sums seems to be verifying nothing bad (as in accident, not malicious manipulation) happened to the extracted files. md5sums included in the packages do that even earlier than those generated. Cheers T.
Description: PGP signature