Robert Allely wrote:
Because it can't be, and be useful?

The MD5 is a way to verify that what was downloaded is what was published.
To be useful, the MD5 has to be verified *independently*. Use a tool
that you trust not to lie about the MD5 it produces, one that you have no
reason to believe is aware of anything about the input you give it. If
your trusted tool produces the same MD5 as the published one, you have
some assurance you downloaded and uncorrupted, unadulterated file.

Were Ingres to provide the MD5 tool, it would be the fox guarding the
henhouse. If someone wanted to produce a trojan Ingres tool, it would be
quite easy. He would have all the source code, into which he could embed
his malware. And he could post, alongside his "Ingres" tool, an "MD5"
checker specially designed to output the MD5 of the bona fide Ingres.

True, none of this is much of a worry if you're downloading the file from
Ingre's own site, if you trust it. The MD5 is there in case you don't.

HTH.

--jkl