Henri Yandell wrote:
> > Distributing an MD5 to mirrors is worse than worthless. It
> > gives the unknowning an entirely false sense of security.
> That's a personal opinion though, Noel.
If you mean that putting MD5 files on mirrors is more dangerous than not
having them, it is not much of a judgement call. Its pretty much just plain
accurate from any sort of security perspective, hence your further comment
> when pointing people to the md5 on the download page - point to
> the version on www.apache.org and not the version on the mirror.
Hmmm ... could talk to Joshua Sliva about having those files excluded from
rsync.
--- Noel
