On Tue, May 8, 2012 at 6:29 PM, BobH <[email protected]> wrote: > IIRC, prior to 2.10.4 the Windows installer was downloaded directly from the > pidgin.im site. Now, however, the download button gets you to some random > mirror of sourceforge.
Just to clarify, the download button is certainly different now, but the old and new button link to the same URL (the new URL just has a few extra parameters on the end). > since the installer has an "unknown publisher" I'd like to confirm (e.g., via > md5 > or sha1 hash) that the download I am getting from sourceforge hasn't been > tampered with. Can someone point me to the hash sums? I don't have checksums for the files, sorry. But you raise a good question... maybe we should be signing our Windows builds somehow? Maybe we normally do that, but this build was built by a different person? Or maybe we would have to go through some kind of crazy certification system in order to get a certificate? I could always create gpg signatures of the .exe files the same way we do for the tar balls. _______________________________________________ [email protected] mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
