Bear Giles <[EMAIL PROTECTED]> wrote:
> The only thing resilient to compromised servers are cryptographically
> signed cryptographic checksums. Which requires PGP. Which is not
> exportable. And which requires a "chain of trust" to evaluate
> whether to trust the key used to sign the checksum.

Actually... for the case of a pre-planned upgrade, a simple md5sum check -- that the downloaded file has a md5sum which matches an archive which has already been examined and "seems clean" -- would be sufficient (at least in terms of mechanical integrity).

-- Raul
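
The check described in the message above, as an added example that is not part of the original thread: record the MD5 of an archive that has already been examined, then compare a later download against it before the upgrade. The function names, the in-memory manifest and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=1 << 16):
    """Stream the file through the hash; for MD5 this is the hex value md5sum prints."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def record_examined(archive_path, manifest, algorithm="md5"):
    """Store the digest of an archive that has already been examined."""
    name = os.path.basename(archive_path)
    manifest[name] = (algorithm, file_digest(archive_path, algorithm))


def verify_download(download_path, manifest):
    """Return 'match', 'mismatch', or 'unknown' (no examined copy on record)."""
    entry = manifest.get(os.path.basename(download_path))
    if entry is None:
        return "unknown"  # nothing was examined under this name: do not treat as clean
    algorithm, expected = entry
    actual = file_digest(download_path, algorithm)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Constructed sample data: one examined archive and three later downloads."""
    manifest, results = {}, {}
    with tempfile.TemporaryDirectory() as root:
        def put(subdir, name, data):
            os.makedirs(os.path.join(root, subdir), exist_ok=True)
            path = os.path.join(root, subdir, name)
            with open(path, "wb") as f:
                f.write(data)
            return path

        record_examined(put("examined", "pkg-1.0.tar.gz", b"examined bytes"), manifest)
        same = put("dl1", "pkg-1.0.tar.gz", b"examined bytes")
        altered = put("dl2", "pkg-1.0.tar.gz", b"examined bytez")
        unseen = put("dl3", "pkg-1.1.tar.gz", b"never examined")
        for label, path in (("same", same), ("altered", altered), ("unseen", unseen)):
            results[label] = verify_download(path, manifest)
    return results
```
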