Customers have asked how they should verify the Windows packages we publish, e.g. MSI and Nupkg artifacts.

We currently publish a list of checksums for the binary-only tar and zip artifacts generated for each release, but do not publish a similar list of checksums for Windows package artifacts.

We should publish a list of checksums for these Windows artifacts. It would be ideal if they were added to the existing checksum list but a separate file also seems acceptable.