Security issue in installing Haskell platform in MS Windows - Installer not digitally signed

[gsngh]

The Haskell platform installer for Microsoft Windows should be digitally signed using a certificate from a reputed certificate organization (Verisign, entrust etc.) The mozilla firefox is signed this way. Any software distributed through internet is signed this way to avoid modification by replacement by an intermediary.

If it is not possible to sign the platform installer then publish the md5 checksum along with the link to download platform installer. (However, windows users are slightly less used to this approach.)

[refold]

I'm not sure about the digital signature, but it should be possible to provide an MD5 checksum.

[gsngh]

Dear refold,

Thanks for offering the help. As a favour, can you please let me know the MD5 checksum of HaskellPlatform?-2011.2.0.1-setup.exe - Please add this information to this ticket.

Please also publish the checksum on the website where you place the installer link. You might be already knowing, however that, publishing the checksum on a webpage is not a guaranteed solution unless the publishing web page is itself digitally signed. This means that that is to be read using the https not http protocol which allows the reader to be sure of what is being read from the Internet is indeed what was published and not modified in between.

Regards.

[gsngh]

Replying to refold:

I'm not sure about the digital signature, but it should be possible to provide an MD5 checksum.

I would be grateful if you could please reply to this post on the ticket with the MD5 checksum of the file "HaskellPlatform?-2011.2.0.1-setup.exe"

Thanks and Regards.

[refold]

Sorry for the delay. Here it is:

0a35b4245ecb4ba4c5af8183e53b8beb HaskellPlatform?-2011.2.0.1-setup.exe

[refold]

Note to self: provide an MD5 sig when releasing an installer.

[refold]

This is relevant:

http://stackoverflow.com/questions/10581570/setting-the-uac-publisher-field-for-a-nsis-installer/10587106#10587106