Need hash sums for .EXE if from sourceforge
Mark Doliner
mark at kingant.net
Thu May 31 19:17:45 EDT 2012
On Tue, May 8, 2012 at 6:29 PM, BobH <134ra5w02 at sneakemail.com> wrote:
> IIRC, prior to 2.10.4 the Windows installer was downloaded directly from the
> pidgin.im site. Now, however, the download button gets you to some random
> mirror of sourceforge.
Just to clarify, the download button is certainly different now, but
the old and new button link to the same URL (the new URL just has a
few extra parameters on the end).
> since the installer has an "unknown publisher" I'd like to confirm (e.g., via md5
> or sha1 hash) that the download I am getting from sourceforge hasn't been
> tampered with. Can someone point me to the hash sums?
I don't have checksums for the files, sorry. But you raise a good
question... maybe we should be signing our Windows builds somehow?
Maybe we normally do that, but this build was built by a different
person? Or maybe we would have to go through some kind of crazy
certification system in order to get a certificate?
I could always create gpg signatures of the .exe files the same way we
do for the tar balls.
More information about the Support
mailing list