Re-add hashsum check to ez_setup.py
For setuptools 0.6 ez_setup.py used to validate the downloaded file against a table of known hashsums. I wonder ... why was this feature removed? It adds a simple layer of security and prevents broken downloads, too.
Python 2.4+ support SHA-1, 2.5+ SHA-2 family (sha224 to sha512). Since setuptools still supports Python 2.4 we have to use SHA-1. It's broken but not as broken as MD5. You can limit the possibility of a collision attack if you include and verify the file size, too.