| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=1.2 required=5.0 tests=AWL,BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,FSL_FREEMAIL_1,FSL_FREEMAIL_2,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_YE,RP_MATCHES_RCVD,UNPARSEABLE_RELAY |
| X-Spam-Check-By: | sourceware.org |
| X-Yahoo-SMTP: | 5dK18waswBAT5ulP1CdMKt9Jhcrn |
| Message-ID: | <50629F1D.7070406@yahoo.com> |
| Date: | Tue, 25 Sep 2012 23:22:21 -0700 |
| From: | Bry8 Star <bry8star AT yahoo DOT com> |
| Reply-To: | bry8star AT yahoo DOT com |
| User-Agent: | Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 |
| MIME-Version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | include SHA1/MD5 hash/digest of setup.exe, and use HTTPS |
| X-IsSubscribed: | yes |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
Hello, Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage next to "setup.exe" download url-link. so we know for sure, if we have a correct file or not, and someone in middle (MITM) has not changed it. Windows users prefer to verify files rather with sha1/md5 etc, than using asc, as asc verification is more complicated. And also, please distribute the setup.exe, via using a HTTPS based URL/site. So we/users can get it securely (and over encrypted connections) from your site, cygwin.com No need for a paid/purchased SSL/TLS certificate. A self-signed or CAcert or other free cert (various cert providers have free cert for non-profit or open-source developers), is more than enough & suffice. Much much better than using no encryption at all. Does the "setup.exe" connect to Internet/mirror sites using https or SSL/TLS encrypted connections ? if not please, change "setup.exe" codes further, so that at least initial connections while obtaining hash/digest/asc code of other source files are obtained via using SSL/TLS (if that source site supports). You should have or host the hash/digest/asc files of all source files under cygwin.com site. A larger sized source file or binary file can be downloaded via non-https way, ONLY if the hash/digest/asc codes were already obtained through SSL/TLS/HTTPS connection in early. Thanks, Thanks, Thanks. -- Bry8 Star. (Bry8Star). -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |