I am in the middle of my PCI-DSS audit and the qsa is asking how I verify that the binaries have not been modified in my installer package. We build the installation package and post to our web site. The customer downloads and installs. PCI is loo...