dougbtv / docker-asterisk

Some dockerfiles for whipping up an asterisk server

md5 verification of downloads / iax.conf sample removal docs update #46

Closed dougbtv closed 8 years ago

dougbtv commented 8 years ago
ghost commented 8 years ago

MD5 is insecure too... and downloading it over HTTP is just useless as it can be tampered on-the-fly as well. You should, instead, as there is no alternative due to the poor security these websites offer, hardcode the SHA512 checksum of the files and compare it instead of getting it from their respective websites. People will still be able to get the real sources and verify the hash themselves.

dougbtv commented 8 years ago

Valid points for sure.

Hrmm, if I hardcode the sha512 checksum myself... then you have to trust my connection.... I guess, right? (happy to take any input there) I think providing the md5sum as a way to memorialize how it's been verified is just as good/bad as hardcoding it -- at least the way I'm thinking about it here.

Also, it's a maintenance chore to manually verify each release, part of the fun is that I can rebuild quickly. Happy to take any input there.

Likely... The real thing is this needs to be addressed at the distribution of the software. @pwnsdx
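One way to do what the thread suggests, verifying a download against a SHA-512 pinned in the build rather than a checksum fetched from the same HTTP site. This is an added shell example, not code from the docker-asterisk repo; the function names and the curl-based fetch are assumptions, and the URL and hash would be whatever the maintainer pins in the Dockerfile.

```shell
#!/bin/sh
# Added example: pin a SHA-512 in the build and refuse the tarball on mismatch.
set -eu

# Print the SHA-512 hex digest of a file (coreutils or BSD/macOS shasum).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# verify_sha512 FILE EXPECTED_HEX
# Returns 0 when FILE's digest equals EXPECTED_HEX, 1 otherwise.
verify_sha512() {
    file="$1"
    expected="$2"
    actual=$(sha512_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# fetch_verified URL EXPECTED_HEX DEST
# Downloads URL to DEST and deletes DEST again if the pinned digest does
# not match, so a later tar/make step cannot run on a tampered file.
# (hypothetical helper; the pinned hex comes from a build ARG or the Dockerfile)
fetch_verified() {
    url="$1"
    expected="$2"
    dest="$3"
    curl -fsSL -o "$dest" "$url"
    if ! verify_sha512 "$dest" "$expected"; then
        rm -f "$dest"
        return 1
    fi
}

# Usage from a Dockerfile RUN step (no network call is made at load time):
#   RUN . ./fetch_verified.sh && fetch_verified "$ASTERISK_URL" "$ASTERISK_SHA512" asterisk.tar.gz
```

Because the digest lives in the repo, a reader can recompute it from the upstream source and compare, which is the "memorialize how it was verified" property without trusting the download channel at build time.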