
At 07:12 AM 11/14/2004 -0600, you wrote:
> It appears that we need to modify the PG web site to include checksum and CRC data on each of our files to provide a mechanism of verifying that they have not been nefariously modified after download, so "my" electronic copy can be judged the same as "your" electronic copy.
Yes, but even CRC, hash or MD5 values can be forged. All someone would need to do is somehow compromise the PG server. That has happened with a main Debian and GNU server already. How would we make sure that the hashes are real? One solution is gpg signatures, but then someone needs to download and install gpg, a tool to verify the hash, plus the actual text file. The average user won't know how to do this and wouldn't even if they could. Not to mention that the hash and signature process would have to be done every time one byte is changed in the original, such as for correcting errors.
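
The server-compromise point in the message above, as an added example that is not part of the original e-mail: a Python sketch that checks a file against a `sha256sum`-style manifest served from the same host and against a digest recorded elsewhere beforehand. The file name, contents and the "pinned" digest are constructed assumptions; plain SHA-256 is used here in place of gpg signatures, with the pinned value standing in for anything obtained through a channel the download server does not control.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines: '<64 hex digits>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, name = line.strip().partition(" ")
        name = name.lstrip(" *")  # two spaces (text mode) or ' *' (binary mode)
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(digest)  # raises ValueError if the digest is not hex
        entries[name] = digest.lower()
    return entries

def verify(name: str, data: bytes, digests: dict) -> bool:
    """True only if `name` is listed and its digest matches `data`."""
    expected = digests.get(name)
    return expected is not None and hmac.compare_digest(expected, sha256_hex(data))

def manifest_for(name: str, data: bytes) -> str:
    return f"{sha256_hex(data)}  {name}\n"

# Constructed sample data; the file name and contents are hypothetical.
NAME = "etext.txt"
ORIGINAL = b"It was the best of times, it was the worst of times.\n"
TAMPERED = b"It was the best of times, it was the BEST of times.\n"
CORRECTED = b"It was the best of times, it was the worst of times,\n"

def run_scenario() -> dict:
    # Digest recorded before the compromise and kept off the download server.
    pinned = parse_manifest(manifest_for(NAME, ORIGINAL))
    # After a compromise, file and manifest on the server are both replaced.
    served_file, served_manifest = TAMPERED, manifest_for(NAME, TAMPERED)
    return {
        "same_server_manifest_accepts_tampered":
            verify(NAME, served_file, parse_manifest(served_manifest)),
        "pinned_digest_accepts_tampered": verify(NAME, served_file, pinned),
        "pinned_digest_accepts_original": verify(NAME, ORIGINAL, pinned),
        # A legitimate one-byte correction also needs a freshly issued digest.
        "pinned_digest_accepts_corrected": verify(NAME, CORRECTED, pinned),
    }

if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check}: {result}")
```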