Mail Archives: cygwin/2007/05/11/17:43:02

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2007/05/11/17:43:02

X-Spam-Check-By: sourceware.org

Message-ID: <4644E349.7000604@determina.com>

Date: Fri, 11 May 2007 14:42:33 -0700

From: Alexander Sotirov <asotirov AT determina DOT com>

User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: MD5s of setup.exe on mirrors.

References: <5qd5179mvu DOT fsf AT hod DOT lan DOT m-e-leypold DOT de> <4644CB03 DOT 9070707 AT determina DOT com> <20070511202353 DOT GA25421 AT trixie DOT casa DOT cgf DOT cx>

In-Reply-To: <20070511202353.GA25421@trixie.casa.cgf.cx>

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Christopher Faylor wrote:
>> Nobody seemed to care. Considering the fact that MD5 collisions are now trivial
>> to generate, it probably doesn't matter much anyways - the fact that your copy
>> of setup.exe has the right MD5 doesn't mean that it hasn't been tampered with.
> 
> We don't control the content of mirrors.
> 
> If you think this is an issue, contact the mirror(s) in question.

This is an issue with the Cygwin website, not the mirrors.

There is a chain of trust from http://cygwin.com to the mirrors. Since the
official Cygwin site list these mirrors at http://cygwin.com/mirrors.html,
you're endorsing them as an officially approved locations to download Cygwin.
This means that you have to monitor reports about misbehaving mirrors and remove
ones that distribute corrupted or possibly malicious binaries under the Cygwin name.

Alex

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Spam-Check-By:	sourceware.org
Message-ID:	<4644E349.7000604@determina.com>
Date:	Fri, 11 May 2007 14:42:33 -0700
From:	Alexander Sotirov <asotirov AT determina DOT com>
User-Agent:	Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: MD5s of setup.exe on mirrors.
References:	<5qd5179mvu DOT fsf AT hod DOT lan DOT m-e-leypold DOT de> <4644CB03 DOT 9070707 AT determina DOT com> <20070511202353 DOT GA25421 AT trixie DOT casa DOT cgf DOT cx>
In-Reply-To:	<20070511202353.GA25421@trixie.casa.cgf.cx>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com