On Thu, Jul 20, 2017 at 6:00 PM, kmx <k...@atlas.cz> wrote:

> Strawberry Perl 5.24.2.1 is available at http://strawberryperl.com
>


How come you don't sign the installer? I understand from 2 years ago if you
can't use the Microsoft way but can't you use a gpg sig or something like
that? Also the installers are not available via HTTPS. I don't want to be
subject to a MITM attack when I download the installer and also I want to
be sure it's actually from you. The integrity of these files is very
important for me they are going to be installed on some important systems.

These are the hashes I have, they match what is on the website. Can you
please confirm if they are correct:
e59ac8f708a621a52857cfc7477cdef19fe1aae9 *strawberry-perl-5.24.2.1-32bit.msi
e335e59ec61d3b13de392a43dc6fa3db88b56fec *strawberry-perl-5.24.2.1-64bit.msi

Reply via email to