A small request. Can the md5 sum hash for the various release files be published at the main GCC release pages ? If we look at http://gcc.gnu.org/gcc-4.2/ there is no md5 sum there and while I can find that data at a mirror thus :
ftp://ftp.mirrorservice.org/sites/sources.redhat.com/pub/gcc/releases/gcc-4.2.4/md5.sum .. there is no statement of the authenticity of that source file. I can confim that the md5sum from *that* specific mirror is correct but that does not convince me that I have a valid tar file : vesta:/mnt/lfs/sources/tarballs# md5sum gcc-4.2.4.tar.bz2 d79f553e7916ea21c556329eacfeaa16 gcc-4.2.4.tar.bz2 The truth is, I can uncompress that tar file and then recompress it and get a different md5sum for the exact same input file. That would also be a valid md5 hash but only for my personal internal mirror. Really, there should be, in my opinion, a single master page with the md5sum of the uncompressed tar ball and then the average user can confirm that it is correct from the master signature page. Dennis
