This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: MD5s of setup.exe on mirrors.


On Mon, May 14, 2007 at 03:50:16PM -0400, Larry Hall (Cygwin) wrote:
>Alexander Sotirov wrote:
>> Christopher Faylor wrote:
>>>That + if you want to talk about trust then you should trust the method
>>>that we advertise for installing cygwin which is to click on the
>>>"Install Cygwin Now!" link.
>>
>>Are you saying that I should trust setup.exe downloaded from cygwin.com
>>more than setup.exe downloaded from a mirror?  That doesn't make sense.
>>
>>Even if I download setup.exe from cygwin.com, it still fetches the
>>package data from a mirror.  As far as I know the package data is not
>>signed, so setup.exe cannot verify that is has not been tampered with.
>>If a mirror has a modified bash package with a malicious binary in it,
>>the result will be no different than running an untrusted setup.exe.
>>
>>In fact, the mirror list used by setup.exe does not contain the
>>official ftp.cygwin.com site, giving users no choice but to use (and
>>trust) mirrors.
>
>Do you actually have a question or do you just want to speak your
>piece?  Seems to me that you're asking questions but then not really
>paying attention to the answers, even when they come from a project
>leader.  Perhaps you want to come at this again and clarify whether
>you're looking for information or just want to make a statement.

No, please.  Can't we just drop this?  This is obviously just one of
those pointless cyclic usenet discussions which doesn't go anywhere.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]