Why check the MD5 sums? Its trivial to find a collision, so that's sort of useless if you're
trying to keep peace of mind wrt to such tampering. (NB. This is tar we're talking about here;
appending the random data necessary for a collision makes the attack exceptionally trivial.)
I'm baffled why people haven't switch to SHA-1 or better. MD5 has been broken for quite awhile
now. Maybe Slashdot needs to send out a memo again.