On Tue, Nov 11, 2014 at 11:36 PM, Matthew Knepley <knep...@gmail.com> wrote:
> I don't actually care whether we keep this check. However, I do think the > arguments advanced so far do > not amount to more than prejudice. I don't think a security argument holds > water for a system that > downloads tarballs from other sites without any kind of check. > Are you referring to PETSc? All HashDist downloads are cryptographically verified, which is one of the reasons we're trying to move away from this sort of thing. A