md5sums or gpg signatures for offic. rel. packages? :: Support Forum

BigBear
Joined:: 2005-10-31
Posts:: 2

md5sums or gpg signatures for offic. rel. packages?

2005-10-31 17:03

I am possibly missing the tree for the forest, but I can't find either a md5sum or much preferred a gpg signed signature of the official released packages of the winscp installer, source etc.

I have downloaded the current installer and it unpacks with a winscp.com and a winscp.exe in the applications main directory.

Why would it need both a .com and a .exe? Looks strange/(suspicious?) to me. Is there a good reason why a package that deals with safe and encrypted transfer of data doesn't come with a signed signature file against which users can verify that they downloaded the "real" package?

my winscp 3.76 files extracted from winscp376setup.exe have the following md5sums

09bbb56a7d143b093d0fbe01ffea2496 *winscp376setup.exe

6e2a5adc37adddff44119eb749760e1f *WinSCP3.exe
b4b6ab8aa1efe97107e8a72bb7edfd35 *WinSCP3.com
eb70788abb75b58570e23e5a658fd686 *DragExt.dll

Thanks for a great tool.

Reply with quote

BigBear

md5sums or gpg signatures for offic. rel. packages?

2005-10-31 17:10

I guess my fear was right, I have missed the tree entirely ;-). So there is a md5sum, good start.
But the second part still stands. Why is there no signed signature of the package?

Reply with quote