If so, Chocolatey will switch to downloading the binaries over SSL.This provides better security in downloading and knowing you are getting the binary from the source location instead of a possible man in the middle location, especially when the package does not provide checksums for verification.We also are moving right along towards v1 (and hope to be there in 2017).

an error occurred generating a bootstrapper unable to begin updating-45

Unfortunately there was a recent event with FOSSHub getting hacked (the community repository had 8 possibly affected packages and we quickly took action), which necessitated a need for us to move in a much swifter fashion to ensure the protection of the community sooner, rather than later.

The changes in Chocolatey represented by the checksum changes are a major step in the process to ensure protection.

This package was approved as a trusted package on 11/15/2016.

Chocolatey is a package manager for Windows (like apt-get but for Windows).

Without independent verification of the integrity of the downloaded resources, users can be left susceptible to these issues.

We've been planning a move to require checksums for awhile now, with a planned longer and smoother transition for package maintainers to get packages updated to reduce breakages.

Chocolatey is brought to you by the work and inspiration of the community, the work and thankless nights of the Chocolatey Team, with Rob heading up the direction. To install Chocolatey, run the following command from the command line or from Power Shell: In cases where actual malware is found, the packages are subject to removal. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution). However that really has never been a recommended scenario for returning errors from scripts and is not seen in the wild anywhere so it is believed that those that may be affected are very few.

You can host your own sources and add them to Chocolatey, you can extend Chocolatey's capabilities, and folks, it's only going to get better. Chocolatey Pro provides runtime protection from possible malware. Checking to return a value from Power Shell because of issues with different hosts, it's less of a concern to only look at explicit failures.

Checksums in package scripts are meant as a measure to validate the originally intended downloaded resources used in the creation of a package are the same files that are received at a future date.

This also ensures that the same files that are checked by all parts of moderation (if applicable) are the same files that are received by users for a package.

You can optionally set a feature () to ensure packages using HTTPS also use checksums.