| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-SWARE-Spam-Status: | No, hits=-1.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_YE |
| X-Spam-Check-By: | sourceware.org |
| X-Mail-Handler: | Dyn Standard SMTP by Dyn |
| X-Report-Abuse-To: | abuse AT dyndns DOT com (see http://www.dyndns.com/services/sendlabs/outbound_abuse.html for abuse reporting information) |
| X-MHO-User: | U2FsdGVkX1+ToeyGqG7oXMYVrvnpb9q6 |
| Date: | Wed, 26 Sep 2012 10:24:42 -0400 |
| From: | Christopher Faylor <cgf-use-the-mailinglist-please AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: include SHA1/MD5 hash/digest of setup.exe, and use HTTPS |
| Message-ID: | <20120926142442.GB24866@ednor.casa.cgf.cx> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <50629F1D DOT 7070406 AT yahoo DOT com> <50630661 DOT 5020307 AT cs DOT utoronto DOT ca> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <50630661.5020307@cs.utoronto.ca> |
| User-Agent: | Mutt/1.5.20 (2009-06-14) |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
On Wed, Sep 26, 2012 at 09:42:57AM -0400, Ryan Johnson wrote: >tl;dr: publishing a checksum for setup.exe is a good idea, https makes >little or no sense in this setting, and cryptographic signatures for >packages would be nice to have but would burden volunteers while >providing incomplete protection. > >(response follows) > >On 26/09/2012 2:22 AM, Bry8 Star wrote: >> Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage >> next to "setup.exe" download url-link. >Providing a digest for setup.exe is probably a good idea, and probably >not too hard. And, it's already done. See: http://cygwin.com/install.html . FWIW, I'm not personally interested in going through the effort of setting up https access for sourceware. And, I'm personally even less interested in changing setup.exe to use https. As Ryan noted, we don't control the cygwin mirrors so this would likely be a pointless exercise anyway. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |