Hugh Sasse Staff Elec Eng wrote:
> Putting this information on the same machine as the file itself
> would not help, because both the file and the alleged digest could
> both be tampered with if the machine were compromised.  Is it worth
> holding this sort of data on RubyCentral and/or a non-wiki part of
> RubyGarden?

an alternative would be for matz to digitally sign the *.md5 file 
(provided that matz uses pgp/gpg and his public key is easily 
available). that way, the md5 is not so easily tampered.

-- 
dave