James,
My request is:
Put the MD5 value as a text string somewhere on the page.
Ok, I've changed that now.
Still, IMHO, listing checksums on the same webpage as the downloadable file
doesn't make much sense, security-wise. If an attacker can modify the script, he
most probably can change the checksum on the webpage as well. That's why I
include the checksum in the postings to the pca-news mailing list, to have a
second independent channel.
You can also get PCA via HTTPS, BTW:
https://www.par.univie.ac.at/solaris/pca/stable/pca
hth,
Martin.
