Simon Large wrote:
> 2009/7/9 Stefan Küng <tortoisesvn_at_gmail.com>:
>> Mark Rosenberg wrote:
>>> TortoiseSVN-1.6.3.16613-win32-svn-1.6.3.msi is not a valid MSI
>>> according to my XP Home SP3 system. The install aborts immediately
>>> with the message from Windows Installer:
>>>
>>> "This installation package could not be opened. Contact the
>>> application vendor to verify that this is a valid Windows Installer
>>> package."
>>>
>>> Nor was I able to verify the digital signature according to the
>>> instructions provided on the website. My download link follows:
>>>
>>> http://downloads.sourceforge.net/tortoisesvn/TortoiseSVN-1.6.3.16613-win32-svn-1.6.3.msi?download
>>>
>>> Am I the only one having this issue or is the MSI truly damaged?
>> Your msi is really broken.
>> Try downloading it again, and maybe try a different sourceforge mirror
>> to download from.
>
> The new signature proves that the msi has not been tampered with, but
> is it as easy to detect a broken download? Is it worth keeping MD5
> sums shown on the website?
"not been tampered with" and "broken download" is the very same: both
indicate that the file is not the same as the one I signed.
No need to keep md5 sums or GPG keys on the website. If the signature
doesn't match, the file is corrupted - either willingly by someone who
tampered with the file or accidentally due to a broken download.
Stefan
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2369306
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-07-09 10:59:16 CEST