https://issues.dlang.org/show_bug.cgi?id=18786
--- Comment #6 from greenify <greeen...@gmail.com> --- > What information does checking the signature give? It shows it's signed, not > that it's virus-free. A signature shows that a binary comes from a certain > source, not that it carries no payloads. Yes, but then again how do you know that anything does or doesn't contain a virus? FWIW you can build the compiler from the sources yourself quite quickly and typically that is even more likely to be determined as a virus - even though in this case you could have checked the entire code. The signature at least insures that you got the binary built from the source code you can see on GitHub (depending on whether or not you trust our release master). --