On Thu, Jul 20, 2017 at 6:00 PM, kmx <k...@atlas.cz> wrote:

> Strawberry Perl is available at http://strawberryperl.com

How come you don't sign the installer? I understand from 2 years ago if you
can't use the Microsoft way but can't you use a gpg sig or something like
that? Also the installers are not available via HTTPS. I don't want to be
subject to a MITM attack when I download the installer and also I want to
be sure it's actually from you. The integrity of these files is very
important for me they are going to be installed on some important systems.

These are the hashes I have, they match what is on the website. Can you
please confirm if they are correct:
e59ac8f708a621a52857cfc7477cdef19fe1aae9 *strawberry-perl-
e335e59ec61d3b13de392a43dc6fa3db88b56fec *strawberry-perl-

Reply via email to