Windows installers do not have GPG or Authenticode signatures, SHA-512 not provided

[kyanha]

Windows installers for Mosquitto 1.5.3 available from http://mosquitto.org/download/ are made available only over unencrypted http, are not signed with GPG or Authenticode signatures, and their SHA-512s are not made available either. There is no means of verifying the authenticity of this code that is demanding elevation to be able to install.

[karlp]

If this is a concern for you, I recommend building from the signed source.

[ralight]

The links for the downloads has been updated to https (they were always available on https by the way). The SHA512s are available on the download link already, you have to click the "SHA512" button.