This utility computes MD5 checksums of files, ignoring end-of-line
conventions unless the -b (binary) flag is set.  The file "pgp261.md5"
contains the MD5 checksums of all the files in the source.  If you are in
the source directory and run "md5sum -c ../contrib/md5sum/pgp261.md5",
you will get an error message if any files fail to match.  If all
files match, nothing will be printed.
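
The check described above, as an added Python sketch (not code from the
PGP distribution).  Text mode is modelled as folding CRLF to LF before
hashing, and the manifest line layout (32 hex digits, a space, then a
space or '*' for binary, then the name) is an assumption, since this
page does not show the format of pgp261.md5.  File contents are
constructed samples held in memory.

```python
import hashlib

def md5_file_bytes(data: bytes, binary: bool = False) -> str:
    """MD5 hex digest; text mode folds CRLF to LF first (assumed model
    of "ignoring end-of-line conventions")."""
    if not binary:
        data = data.replace(b"\r\n", b"\n")
    return hashlib.md5(data).hexdigest()

def parse_manifest(text: str):
    """Yield (digest, binary, name) for each checksum line.
    Assumed layout: <32 hex><space><' ' or '*'><name>."""
    for line in text.splitlines():
        if len(line) < 35 or line[32] != " " or line[33] not in " *":
            continue  # not a checksum line (e.g. PGP armor around the list)
        digest = line[:32].lower()
        if all(c in "0123456789abcdef" for c in digest):
            yield digest, line[33] == "*", line[34:]

def check(manifest: str, files: dict) -> list:
    """Return the names that fail to match; an empty list means every
    file matched, which is the case where nothing is printed."""
    failed = []
    for digest, binary, name in parse_manifest(manifest):
        data = files.get(name)  # a missing file counts as a failure
        if data is None or md5_file_bytes(data, binary) != digest:
            failed.append(name)
    return failed

# Constructed sample data: the same text with Unix and DOS line endings.
UNIX = b"line one\nline two\n"
DOS = b"line one\r\nline two\r\n"
MANIFEST = (
    f"{md5_file_bytes(UNIX)}  readme.txt\n"
    f"{md5_file_bytes(UNIX, binary=True)} *blob.bin\n"
)

if __name__ == "__main__":
    # Text-mode entry accepts either line ending; binary entry does not.
    print(check(MANIFEST, {"readme.txt": DOS, "blob.bin": UNIX}))
    print(check(MANIFEST, {"readme.txt": DOS, "blob.bin": DOS}))
```

A text-mode entry therefore treats two byte-different copies of a file
as the same file; entries marked binary compare every byte.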

You need to borrow some files from the PGP sources to compile this
utility (md5.c, md5.h, and possibly the getopt implementation);
see the md5sum.c file for details.

The file pgp261.md5 is signed by jis@mit.edu, so you can be
reasonably sure it's correct.  It would be possible for a hard-working
miscreant to fiddle with the distribution so all of this mutual checking
would not show any errors, but it's not going to happen accidentally.
And if you have a previous version of PGP that you trust, it's not going
to happen at all.

The only other thing that's needed is a detached PGP signature of the
files md5sum.c, md5.c and md5.h, and anyone with a previous trusted
version of PGP can be sure that no tampering has occurred anywhere, and
that's here:

These signatures were generated by Jeffrey I. Schiller <jis@mit.edu>.
Jeff's key is supplied in the keys.asc file in the PGP distribution
and is signed by various PGP developers including Phil Zimmermann, so
you know that we are who we say we are, and if there are any trojan
horses in the source, you know who put them there.  (Isn't security
fun?)
--
	-Colin <colin@nyx.cs.du.edu>
	Revised by Jeffrey I. Schiller <jis@mit.edu>
