On Saturday 22 May 2004 19:15, mattias lundberg wrote: > Why isn't there any way to verify the authenticity of downloadable files, > like you can do on apache.org where there are PGP hashes for each file? > I know that there are MD5 sums on the website, but I can't assume that the > webpage is not spoofed. There doesn't seem to be any SSL connection to the > website. At least the page that gives the MD5 sums could be secure? Cheers, > Mattias
I usually get the md5 checksums and download the files from separate sites where possible. The chances that both sites are compromised are (hopefully) minimal. To be extra paranoid you may want to check what OS the sites are using and select sites which are running different ones. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general ------------------------------------------ /* You have many friends and very few living enemies. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
