owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM: > * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400: > > I notice that the tarballs also include a SHA1 digest. What's the > > point? > > To have a check whether the FTP download was successful to avoid > accidentally using corrupt files, a file integrity check with a > checksum is quite common.
Aha. So it's just a double check on ftp? It's not trying to protect against an attacker targeting the openssl site or the download process?