Hashes for each release file can be found in a "SIGNATURES" file for each release. For example, the signature file for 1.4.2 is at http://www.wireshark.org/download/src/all-versions/SIGNATURES-1.4.2.txt. It is signed with my GPG key. The hashes can also be found in each release announcement, which is also signed. We don't sign the Windows packages with Authenticode signatures but we should. I'll see if I can add that to the release process. |