Hello all: Under the present circumstances, and particularly considering the sensitivity of the git code itself, I would suggest that you implement signed detached digital signatures on all release tarballs. Just a crypto hash by itself, however strong, does not protect against man-in-the-middle attacks. Joseph -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html