On Thu, Jul 20, 2017 at 6:00 PM, kmx <k...@atlas.cz> wrote: > Strawberry Perl 5.24.2.1 is available at http://strawberryperl.com >
How come you don't sign the installer? I understand from 2 years ago if you can't use the Microsoft way but can't you use a gpg sig or something like that? Also the installers are not available via HTTPS. I don't want to be subject to a MITM attack when I download the installer and also I want to be sure it's actually from you. The integrity of these files is very important for me they are going to be installed on some important systems. These are the hashes I have, they match what is on the website. Can you please confirm if they are correct: e59ac8f708a621a52857cfc7477cdef19fe1aae9 *strawberry-perl-5.24.2.1-32bit.msi e335e59ec61d3b13de392a43dc6fa3db88b56fec *strawberry-perl-5.24.2.1-64bit.msi