0

When installing software onto my PC, I generally like to run a hash check against my download before installing it. Many download pages provide an MD5sum to use for this kind of check.

See: Some random page on the net that explains this practice.

I have just downloaded TortoiseHg software for Windows from http://tortoisehg.bitbucket.org/ but I cannot see the MD5 mentioned anywhere.

I may be missing it. Do you know where I can find the hash code for the latest download packages?

JW.
  • 199
  • 10
  • Although not a 100% guarantee, is the app digitally signed? – Karan Dec 18 '12 at 06:37
  • Thanks for your comment. I'm not sure. I don't tend to click on anything I've downloaded until I check the MD5sum. How would I tell if it were digitally signed? – JW. Dec 18 '12 at 06:39
  • Ok I have right-clicked on it and looked at properties and yes, there seems to be a tab for Digital Signatures. – JW. Dec 18 '12 at 06:41
  • Yeah, I see a digital sig by Steven Borho on Dec. 12. In the absence of a checksum I guess this is the best you can do to ensure that the file hasn't been tampered with (see [Is it possible for a digitally signed application to be infected by a virus?](http://superuser.com/questions/517690/is-it-possible-for-a-digitally-signed-application-to-be-infected-by-a-virus)) – Karan Dec 18 '12 at 06:48
  • Thanks for the link to that question. Apt because it was just occurring to me too. – JW. Dec 18 '12 at 07:03

0 Answers0