Would it not be enough to hash all extensions on the
distributor side, and
to check the hash sum on the client side using https for the connection?
I guess this would suffice for ensuring integrity, but what about the other
distribution meta-data? Where to get it from, how to manipulate it, and how
to format it? Since WP and PEAR have systems that do (now) well at that, it
makes a lot more sense to just copy what they do instead of trying to
re-invent the wheel and make all the same mistakes they did.
--
Jeroen De Dauw
*
http://blog.bn2vs.com
*
http://wiki.bn2vs.com
Don't panic. Don't be evil. 50 72 6F 67 72 61 6D 6D 69 6E 67 20 34 20 6C 69
66 65!
--