This seems like a real "beggars being choosers" situation.

I think this may be a person who is concerned a out being tainted by a license. Life if the code was source-available only and they saw it and then were accused to copying some functionality into another open source project.

A bit paranoid, sure, but not impossible.

It's only a .xz one though, why the worry? /s

Now seriously, I'm not particularly interested on this, but if it helps here are additional points of reference to at least be able to verify some integrity in case you want to try it.

SHA256:

    90d7b2d632a3887bf26c10c42584ba899a3071725dae7dcddddcbab54768b54b  freebsd-rustdate-0.6.1.tar.xz

Archive link: https://web.archive.org/web/20240827090825/https://rustdate....

Doesn't prove the absence of any malicious intent, but at least it should help prove that nothing is changing between requests (i.e. that the file I got is the same as the file you got).

Thankfully you can ask for your money back.