On 21 April 2015 at 23:05, Steve Dower <steve.do...@microsoft.com> wrote: > I made it a self-extracting RAR file so it could be signed, but I've already > had multiple people query it so the next release will probably just be a > plain ZIP file. I just need to figure out some reliable way of validating the > download other than GPG, since I'd like installers to be able to do the > download transparently and ideally without hard-coding hash values. I might > add a CSV of SHA hashes to the zip too.
You could probably just leave it as is (or make it a self-extracting zip file) and just describe it on the web page as "Windows amd64 embeddable self-extracting archive". People are (I think) pretty used to the idea that they can open a self-extracting archive in tools like 7-zip, so those who didn't want to run the exe could do that (and would know they could). Obviously extracting that way you don't get the signature check, but that's to be expected. Paul _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
