> > > > I.e. if the executable doesn't have the md5 checksum set in
> > > > the md5 section (newly installed, not yet prebound), the
> > > > executable has been modified since it was prebound (again,
> > > > newly installed), and probably others ("etc." above), it does
> > > > not match.
> >
> > Right.
>
> So, the checksum is effectively just used as a "magic number",
> AFAICT.  Since it is not actually checked at runtime, it's really
> hard to see what benefit this has over either a simpler checksum
> that _is_ checked or a random number that need never be computed
> from the (potentially quite large) input at all.

Re-validation via a stand-alone tool is made possible this way; a
random number would not have the same property.

Runtime checksum validation (using MD5 or other algorithms) probably
goes so much against the goal of making the resulting process consume
less time than what we have now that the potential gains are lost.

Regards,

- H=E5vard