[withinrafael]

He won't go https, sign his binaries, or enable mark-of-web either. It's strange to see people still playing small binary golf in 2018.

[vocatus_gate]

Oh wow, I always assumed he just defaulted to HTTP version of the site, but HTTPS was an option. But nope, there isn't even a version of the site served over HTTPS. In the year 2018.

[Ajedi32]

Yeah, that's pretty terrible. Seems like the only secure way to get a copy of 7-zip is to install it via Chocolatey or Sourceforge.

[dogma1138]

Since they get theirs from an insecure source it really isnt.

[icebraining]

No, you can get them from the official Sourceforge project over HTTPS: https://sourceforge.net/projects/sevenzip/

[leeter]

Or use a newer toolset than VC6 apparently. Honestly at this point there needs to be an intervention.

[askvictor]

It's open source; feel free to fork.

[leeter]

sigh already downloaded the source, trying to convince myself I need to do this. The code is pretty much pure C++98 along with all the pain that comes with that.

[exikyut]

"Secure 7-Zip" even sounds like a good name.

[rootw0rm]

Agreed.

[chrisper]

Is there a good alternative to 7-zip?

[rurban]

I also lost my trust into zlib recently, given that the current released version is full of bugs, and the current master is written horribly. Not as bad as openssl, but close. E.g. they are still using K&R sigs, wrong casts, and have several copy&paste bugs which you only detect with a stricter c++ compiler.

[Hello71]

for just decompression, unarchiver has free software implementation of unrar. for compression, use command line (tar -J, zip, whatever) or file roller.

[nbsd4lyfe]

Libarchive (sometimes known as bsdtar) supports 7z with an independent implementation.

[pmorici]

I think he means an open source unarchiver that works on windows. Obviously Linux and bad have tar/gz/bz2 etc

[askvictor]

What are your criteria? I moved to Bandizip a few months back and it covers all of my requirements quite well.

[skrowl]

PeaZip is pretty good and is FOSS

[mmozeiko]

> PeaZip is free file archiver utility, based on Open Source technologies of 7-Zip, p7zip, FreeArc, PAQ, and PEA projects.

It seems to use 7-Zip and/or p7zip binaries.

[skrowl]

p7zip was also patched. 18.00 doesn't have the bug, but it looks like Peazip hasn't been updated with it.

I'm not sure what other FOSS alternative to use. BandiZip is free (as in beer) but doesn't seem to have an update since Sept, so if it uses p7zip under the hood for 7z, it's also vulnerable.