This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: incomplete/corrupted setup.exe


On Thu, Mar 18, 2010 at 1:28 AM, Dave Korn <*****************> wrote:
> On 18/03/2010 00:58, Steven Monai wrote:
>
>> As an alternative to setting up SSL on cygwin.com, what about the idea
>> of crypto-signing (e.g. with gnupg) every release of setup.exe, and then
>> posting the signature alongside the binary? I know I would breathe a
>> little easier if I were able to positively verify the authenticity of a
>> given setup.exe binary.
>
> ?That much is already done, and documented on the front page of cygwin.com:
> read the first sentence under "Installing and Updating Cygwin and its
> Packages" heading just beneath the mid-bar, or go straight to
> http://cygwin.com/setup.exe.sig
>
>> The public key would need to be distributed via channels other than just
>> cygwin.com, to make it more difficult to spoof. Fortunately, there are a
>> number of public PGP/GPG key servers to fill that purpose.
>
> ?And we have already uploaded it to them; DSA key ID 676041BA:
>
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xA9A262FF676041BA
>
> ? ?cheers,
> ? ? ?DaveK
>
> --

Hello!
George, I am certainly not the individual behind the list, I am just
another user of this most excellent system as you are. That being
said, (Oh and thank you Dave for stating that.) would that be enough
for your school to stop blacklisting the setup program for Cygwin?

I firmly believe that something did happen in the past to frustrate
and confuse the people behind you in the school you are working from.
That's why they did that, and I agree it makes less sense to me as
well.

So given that excellent decision on someone's part, can we consider
this subject closed, before CGF gets really annoyed?
-----
Gregg C Levine gregg.drwho8@gmail.com
"This signature fought the Time Wars, time and again."

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]