>Each new >version of PGP should contain a file with MD5 hashes of each of the >source files, and the whole file with MD5 hash should be clearsigned >by one of the developers (Branko, I think). I checked the .tar file at soda.berkeley.edu and the sources have several mismatching MD5s. Is anyone looking at this? - Carl