download verification with md5?

Justin Sherrill justin at
Fri Jan 3 06:21:51 PST 2020

On Fri, Jan 3, 2020 at 4:51 AM Michael Neumann <mneumann at> wrote:

> Given that your private key stays secured this adds another layer of
> security. Right now, even using SHA256 checksums would be no more secure
> in case you download the checksum file (md5.txt or sha256.txt) from the
> same mirror server as the file itself.
> If you need help setting this up, please let me know.

This is a good idea, and a very helpful writeup.  I'm low on time (as
is everyone, always) but I'm not working this weekend - let me see how
far I get.

More information about the Users mailing list