[LarryClapp]

Thanks, that's good to know. I never thought of that as a stumbling block. I trust me!

Do you think showing an md5 hash would help, or is it just Dropbox itself?

Would (for example) dl.huck.sh be better? (I own huck.sh (and huckridge.com and several others) and have a site there, but don't have anything at dl.huck.sh.)

I actually kind of thought that Dropbox would be better than my own webserver, on the assumption that people would trust them more than me. I dunno.

[artisin]

Personally, my primary concern is security and, by extension, trust. My shell environment functions as the gatekeeper to my castle, and installing this binary would be akin to blindly handing over the keys, especially since the source code is not accessible. I'm unsure if it's feasible given Hacksh's requirements, but using Flatpak could largely address your distribution issue as well as my security issue.

[wolftickets]

If you happen to have a GitHub space for storing things you can upload release artifacts there for folks to download.

[tutfbhuf]

Preferably, these release artifacts are generated by a pipeline, and the hashes are verifiable.

[jrm4]

Offhand, I love this as an anti-signal and I'll probably try it out because of this.

A too-slick website here on HN is a strong deterrent for me.

[LarryClapp]

Ha, fascinating. (And thanks for trying it out!)

So would a tarball on Github put you off, do you think? Would you prefer a raw directory listing from Apache at dl.huck.sh (et al)?