Mail Archives: cygwin/2015/04/03/07:37:41

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2015/04/03/07:37:41

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; q=dns; s=

default; b=GIx2sPuLp3VLglhUq0WLW+btMUf8nrPDp8acxIhyP83ExTmQuhnG+

E7T+P1R+ipakQs5b4ffRTPmAUNmgSlvrplMWsTdDiw6LCNH7s6MgBAnVLHHtHidM

4zYY+WT1FtdbKhuRlXnx7XhAI61NdMEmflofNmdbIhwNSAnwlE3yO4=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; s=default;

bh=svkC8PYVFc03XLgeo1Qtbbb/LH4=; b=aW6Ho3mNhCtx7EEYTxEnfMh6TwTQ

NvPo+mUhdgSwds1MCuN6/v0+0LQ2nFLhhTZqDF+qxSTF8pj46mMBpI6vuwIMWuyj

/WXNYQgO+gQb6qCusD1sdC9xrDaOKzEfdShIcdzEQYxF+Sw+UyH0h3oPZl23XQVI

m94axkhs7RMFqoY=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2

X-HELO: calimero.vinschen.de

Date: Fri, 3 Apr 2015 13:37:19 +0200

From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: Should cygwin's setup*.exe be signed using Sign Tool?

Message-ID: <20150403113719.GR13285@calimero.vinschen.de>

Reply-To: cygwin AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

References: <CADi7v6JKmP7Q2Bb9FgR0rjqQ+F1a_Y6nrG=v8x7WcesqKzXP4Q AT mail DOT gmail DOT com> <E1YdsGk-0001OY-N0 AT rmm6prod02 DOT runbox DOT com>

MIME-Version: 1.0

In-Reply-To: <E1YdsGk-0001OY-N0@rmm6prod02.runbox.com>

User-Agent: Mutt/1.5.23 (2014-03-12)

--jAJnlX6Iz2QeVWJH
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Apr  2 23:27, David A. Wheeler wrote:
> On Thu, 2 Apr 2015 21:23:16 -0400, Bryan Berns <bryan DOT berns AT gmail DOT com> wr=
ote:
> > Since the setup executable is responsible for running a whole bunch of
> > community contributed post-install executables as part of the
> > installation process, I'm not sure whether it'd be advisable to stamp
> > a particular individual's name or company's name on the executive
> > installer (e.g. Red Hat, for example).
>=20
> I would expect the publisher to be "The Cygwin Project".
> That's what the website says, after all!
>=20
> In my mind, the point of the signature would be to assure that you have t=
he correct
> (untainted) installer, and that the other software installed was the one =
from Cygwin.
> As far as community install issue goes, the same this is true for Fedora,=
 Debian, etc.,
> and that seems to be reasonably understood.

We're not going to change anything.  From my POV there's no good reason
to use Windows tools, especially given that the entire infrastructure is
running on an RHEL box.  So we're using the key on sourceware.org with
the GPG tool running under Linux on sourceware.org.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--jAJnlX6Iz2QeVWJH
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVHntvAAoJEPU2Bp2uRE+gmrEP/3BYQGv8Y512VPeRYIPADX1S
7CjWkJwICNazobt2xo//ZiPmfbHxEFdUhf6oUTglUmYZ3MfKr90sSvRoMz16sZYn
fdf05FtIwqqdCurAzC4qo56h1q+2p288n7UdIQPPphP797FW+ucKcL8n4+EzTpJ4
ls1DlbFHYY5bX+94x1L8EK8yb/tSit4Avw8gefE9H0wH26Hxlzr5GB2oew8/Wloy
xXJWBSnYr9w6X9kJiAyuOWRlJZiUL/lKNvP+M3ngT300Xh5nVp6VTMHZaw04yFQJ
4eoaU9/4+qlKBqI24IH9CHS86ua/IgXBlP8OMozSePXsHtX4+rm5TzUkV2p5nH9D
Eqj7ok0/PqbHszyNFw7KbGRJtxeEnzWo0ShuYeEvv5eHwzpxUPo1MNuncXnx0vPD
CcfQ8PQc/YMbDE9fCRDuJQV0vXbqHfq6F3mgD0cQJyjOZDurQS3DKOZZp1m2KJHR
8h496W4QI6Ekj81dRFmXJeapMMd/vMoSoLIkCjNmgNC6N/ORHoNQyf22FKNnrI1k
D2spujAZfxcNolGGMFqv1DkNczwNTbQsuKpzIi6eZAFCt4sGmPZzHAqDZ6eNLEMS
HPRuthNxqA9EBjzZgIrClfqYznTixGVWD38VKFHs4ptPCy6BD1KFshWsuNaW9Ptt
cgni5qHedUajFonu1aeo
=i7lb
-----END PGP SIGNATURE-----

--jAJnlX6Iz2QeVWJH--

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=GIx2sPuLp3VLglhUq0WLW+btMUf8nrPDp8acxIhyP83ExTmQuhnG+
	E7T+P1R+ipakQs5b4ffRTPmAUNmgSlvrplMWsTdDiw6LCNH7s6MgBAnVLHHtHidM
	4zYY+WT1FtdbKhuRlXnx7XhAI61NdMEmflofNmdbIhwNSAnwlE3yO4=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	bh=svkC8PYVFc03XLgeo1Qtbbb/LH4=; b=aW6Ho3mNhCtx7EEYTxEnfMh6TwTQ
	NvPo+mUhdgSwds1MCuN6/v0+0LQ2nFLhhTZqDF+qxSTF8pj46mMBpI6vuwIMWuyj
	/WXNYQgO+gQb6qCusD1sdC9xrDaOKzEfdShIcdzEQYxF+Sw+UyH0h3oPZl23XQVI
	m94axkhs7RMFqoY=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO:	calimero.vinschen.de
Date:	Fri, 3 Apr 2015 13:37:19 +0200
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Should cygwin's setup*.exe be signed using Sign Tool?
Message-ID:	<20150403113719.GR13285@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<CADi7v6JKmP7Q2Bb9FgR0rjqQ+F1a_Y6nrG=v8x7WcesqKzXP4Q AT mail DOT gmail DOT com> <E1YdsGk-0001OY-N0 AT rmm6prod02 DOT runbox DOT com>
MIME-Version:	1.0
In-Reply-To:	<E1YdsGk-0001OY-N0@rmm6prod02.runbox.com>
User-Agent:	Mutt/1.5.23 (2014-03-12)