Closed fake-name closed 9 years ago
dscho
commented
9 years ago You will find that the recent release candidates of Git for Windows 2.x are signed. Since version 2.x will supersede version 1.x, I hope you agree that it is better to focus on 2.x than to release a new 1.x version just to release signed installers.
(it says "preview", but there does not appear to be a non-preview version)
There is indeed no official release of Git for Windows yet.
fake-name
commented
9 years ago Well, in that case, you should probably point https://msysgit.github.io/ to the new installer. Lots of 3-rd party installers link to that page for "here is where you get git".
dscho
commented
9 years ago Git for Windows 2.x is not officially released, either. So redirecting as you suggested would be premature. But yes, we will do that eventually: https://github.com/git-for-windows/git/issues/12
The installer executable available from the main msysgit webpage is unsigned, and it is therefore impossible to verify the integrity of the installer. This is just flat out bad.
All linux packages are signed and verified in basically every distribution, and windows has facilities for doing the same. There is no reason to /not/ sign the binaries, particularly when they are apparently release binaries (it says "preview", but there does not appear to be a non-preview version).