Andreas Boehlk writes: > I do not agree with this one. IMHO the verification with a trusted GPG-Key is > absolutely sufficiant and the checksum-proof is not needed at all.
True, since validating the signature means validating the secure hash of the contents. That is, the checkum is reisistant to accidental corruption, but the secure hash is *also* resistant to intentional manipulation. The latter is a superset of the former. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users