Version: (using KDE KDE 3.1.2)
Installed from: Gentoo Packages
OS: Linux

It would be useful if KGet had an optional feature to check for and verify downloads against PGP signatures or md5sums if they are available at the same location as the downloaded file. (Perhaps this would need to be enabled on a per-site basis, or per-filetype, to avoid too many unnecessary requests?)
*** This bug has been confirmed by popular vote. ***
Once metalink (http://bugs.kde.org/show_bug.cgi?id=124010) is supported, KGet can use the checksums/hashes and PGP signatures included there.

    <verification>
      <hash type="md5">example-md5-hash</hash>
      <hash type="sha1">example-sha1-hash</hash>
      <hash type="pgp"/>
    </verification>
*** Bug 150447 has been marked as a duplicate of this bug. ***
http://mirrorbrain.org/news_items/metalinks_now_with_PGP_signatures

Metalinks from openSUSE now contain PGP signatures, along with full file and partial file checksums. It would be great if KGet verified checksums, and automated integrated signature verification w/ Kgpg somehow.
Added signature-verifying support to trunk (I added checksum-verifying support a few months ago).
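A sketch of the checksum side of this request, added here as an example and not taken from KGet or from any comment above: it reads a `<verification>` fragment shaped like the one quoted in this thread, ignores entries that are not well-formed digests, and checks a download against the strongest hash listed. The function names, the status strings and the `sha256` type are assumptions; PGP signature checking is not covered.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

# Strongest first. MD5 and SHA-1 catch accidental corruption but do not
# resist deliberate collisions, so a match on them is reported as weak.
PREFERENCE = ["sha256", "sha1", "md5"]
WEAK = {"md5", "sha1"}

def parse_verification(xml_text):
    """Return {hash_type: hex_digest} from a <verification> fragment."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    hashes = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "hash":  # ignore any XML namespace
            continue
        kind = (el.get("type") or "").lower()
        value = (el.text or "").strip().lower()
        if kind not in PREFERENCE:  # e.g. type="pgp": not a digest
            continue
        width = hashlib.new(kind).digest_size * 2
        if re.fullmatch("[0-9a-f]{%d}" % width, value):
            hashes[kind] = value
    return hashes

def verify_stream(stream, hashes, chunk_size=65536):
    """Return (status, hash_type); status is "ok", "ok-weak", "mismatch",
    or "unverified" when no well-formed digest was supplied."""
    kind = next((k for k in PREFERENCE if k in hashes), None)
    if kind is None:
        return ("unverified", None)
    digest = hashlib.new(kind)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    if not hmac.compare_digest(digest.hexdigest(), hashes[kind]):
        return ("mismatch", kind)
    return ("ok-weak" if kind in WEAK else "ok", kind)

# Constructed sample input: a payload and a verification block that matches it.
PAYLOAD = b"constructed sample download\n"
SAMPLE = (
    "<verification>"
    f'<hash type="md5">{hashlib.md5(PAYLOAD).hexdigest()}</hash>'
    f'<hash type="sha1">{hashlib.sha1(PAYLOAD).hexdigest()}</hash>'
    '<hash type="pgp"/></verification>'
)
```

A hash fetched from the same server as the file only detects corruption in transit or on disk; it says nothing about who published the file, which is what the PGP signature is for.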