Where are the efforts to standardize download integrity metadata? (appcasting?)
I download open-source software all the time and am continually perplexed by the fact that on the one hand, so many sites (Apache, MySQL, Eclipse) give download integrity information through MD5 hashes and/or digital signatures, especially since download mirror sites are involved that are potentially vulnerable to hacker attacks, but the format of this download integrity information is human-readable and not machine-readable.