> That said, if you're OK trusting HTTPS and can do without the manual signing step,
I'm not and cannot. After Diginotar and the Snowden revelations, I place zero trust in CAs. :) > we have an unadvertised JSON backend that can provide > the stable release information you'd need: > https://php.net/releases/active.php. This is used by the bug tracker > in conjunction with pulling version information from qa.php.net, so it > should be reliable. Excellent! This is a wonderful starting point :)
