Suppose you are downloading say Axis2-1.3 from Apache. You are supposed to get the actual bits from a mirror:
And the actual MD5 and ASC files from here:
Dumb Question is, Is it possible to automagically convey this information on the wire, such that one can write an apache module / greasemonkey+firefox stuff to allow the user to start downloading the file via GET and confirm the integrity of the bits using MD5 hash and/or checking the signature the person who signed the code using some GPG/PGP on the client side.
Is this a good plausible scenario to look at?