On 22 April 2015 at 13:45, Paul Moore <p.f.mo...@gmail.com> wrote: > On 21 April 2015 at 23:05, Steve Dower <steve.do...@microsoft.com> wrote: >> I made it a self-extracting RAR file so it could be signed, but I've already >> had multiple people query it so the next release will probably just be a >> plain ZIP file. I just need to figure out some reliable way of validating >> the download other than GPG, since I'd like installers to be able to do the >> download transparently and ideally without hard-coding hash values. I might >> add a CSV of SHA hashes to the zip too. > > You could probably just leave it as is (or make it a self-extracting > zip file) and just describe it on the web page as "Windows amd64 > embeddable self-extracting archive". People are (I think) pretty used > to the idea that they can open a self-extracting archive in tools like > 7-zip, so those who didn't want to run the exe could do that (and > would know they could). Obviously extracting that way you don't get > the signature check, but that's to be expected.
Whoops, no - I changed my mind. If you double click on the downloaded file (which I just did) it unpacks it into the directory you downloaded the exe to, with no option to put it anywhere else, and no UI telling you what it's doing. That's going to annoy people badly. Better make it a simple zipfile in that case. Paul (off to tidy up his download directory :-() _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com