On 5/10/06, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
Henri Yandell wrote:
> > Distributing an MD5 to mirrors is worse than worthless. It
> > gives the unknowning an entirely false sense of security.
> That's a personal opinion though, Noel.
If you mean that putting MD5 files on mirrors is more dangerous than not
having them, it is not much of a judgement call. Its pretty much just plain
accurate from any sort of security perspective, hence your further comment
> when pointing people to the md5 on the download page - point to
> the version on www.apache.org and not the version on the mirror.
Hmmm ... could talk to Joshua Sliva about having those files excluded from
rsync.
It's come up on #asfinfra too; so I made a Jira issue to bring it to
his attention.
http://issues.apache.org/jira/browse/INFRA-798
Hen
