: It _is_ a valid concern in general (I would never use md5 as a : cryptographic hash, e.g., for passwords), but significantly less of a : concern for this use. The most important role of the hash is to : ensure no corruption occurred during transfer.
Bingo: We checksum the files with MD5, we sign the files with GPG -Hoss