Comment 6 for bug 1288593

Doug: What I believe is important in this case is that the hashes are:
a) somewhere easy for downloaders to find (ideally, linked to from the download page) so that users can verify that they have the correct file and
b) protected by https in order to decrease the chances that the hashes were tampered with.

Currently, neither is the case except for the https-protected MD5 page.

Thank you for your attention on this!