On 5/10/06, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> Actually MD5 is nice just for verifying that your download wasn't
> corrupted. Not everyone uses PGP/GPG....
Nor uses MD5. :-) In any event, the proposal is to have a tool on the ASF
site that will give you the MD5 for any given file. Distributing an MD5 to
mirrors is worse than worthless. It gives the unknowning an entirely false
sense of security.
That's a personal opinion though, Noel. Generally projects are PGP and
MD5'ing their distributions. When such a tool exists to MD5
automatically, then we can stop creating them.
There's an important point in Noel's reply for the Roller release
however - when pointing people to the md5 on the download page - point
to the version on www.apache.org and not the version on the mirror.
We'll hit that when we tackle making a mirrors.cgi download page.
There are problems with people.apache.org (also svn) today, so the
release is going to be held up by that (both in that we can't download
the RC and in that there's no way to get the release released).
Hen
