Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: md5sums or gpg signatures for offic. rel. packages?

I'll consider it.
BigBear

md5sums or gpg signatures for offic. rel. packages?

I am possibly mising the tree for the forrest, but I can't find either a md5sum or much preferred a gpg signed signature of the official released packages of the winscp installer, source etc.

I guess my fear was right, I have missed the tree entirely ;-). So there is a md5sum, good start.
But the second part still stands. Why is there no signed signature of the package?
BigBear

md5sums or gpg signatures for offic. rel. packages?

I am possibly mising the tree for the forrest, but I can't find either a md5sum or much preferred a gpg signed signature of the official released packages of the winscp installer, source etc.

I have downloaded the current installer and it unpacks with a winscp.com and a winscp.exe in the applications main directory.

Why would it need both a .com and a .exe? Looks strange/(supicious?) to me. Is there a good reason why a package that deals with safe and encrypted transfer of data doesn't come with a signed signature file against which users can verify that they downloaded the "real" package?

my winscp 3.76 files extracted from "winscp376setup.exe" have the following md5sums

09bbb56a7d143b093d0fbe01ffea2496 *winscp376setup.exe

6e2a5adc37adddff44119eb749760e1f *WinSCP3.exe
b4b6ab8aa1efe97107e8a72bb7edfd35 *WinSCP3.com
eb70788abb75b58570e23e5a658fd686 *DragExt.dll

Thanks for a great tool.