Mail Archives: cygwin/2023/06/15/09:21:26

happynumnums via Cygwin <cygwin AT cygwin DOT com> · Thu, 15 Jun 2023 13:20:18 +0000

When looking for the latest Cygwin installer, I came across two different domains.

One insecure:
http://cygwin.org/

and one secure:
https://cygwin.net/

When checking the downloaded latest 3.4.6 installer with sha512sum.exe, I get differing checksums from the executables from both websites:

an unexpected checksum (from first site)
787c46173f5f91d350d31053f09d2bc18e1a80907a9f571f905fa7579cd2fa7b2502337da57aa70a5c8c4209a365f3604cee3c8ffe6c451b397986ddf17eea14

and the expected checksum from the 2nd site (as printed on both pages):
4779bead277ba7e682212ed3b1c9c2a56f9b15586dc2db3949556958b683b6f8a11c1c8957e1027d798281fcc98ccf12c418a609911c7e553787c88f8af86152

The first file size shows 1350kB, the 2nd 1356kb.

Can somebody clarify, if cygwin.org is a phishing site or otherwise explain the differences?

Sent with [Proton Mail](https://proton.me/) secure email.

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 4E608385771A
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1686835244;
	bh=9ZCNWUZyAC5i80PCj8tJWXRAsLAz2FEKaN33bF7e/Cs=;
	h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	List-Help:List-Subscribe:From:Reply-To:From;
	b=pKvXPyR0nvnaaJr5vJIUOC3oqx5MtcTSJpJnQYGqOE7dMtCrehxsPx7iQqxH9RvSs
	o3UhPNW5vzIa4+S93xu3yVtPo4Q5By6ysBz3rtmEIbSX13IwFYJFs5PbyC+3cw0YV1
	l/1hVVrsB5SBV4kyuGgcZtiGUt5yjtT7sT4w1khU=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 5D7A23858C2F
Date:	Thu, 15 Jun 2023 13:20:18 +0000
To:	"cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject:	Identical Cygwin websites - differing downloads
Message-ID:	<-ZOAJV_uZC2NPx5GcZA8caT5sxCBmG7bp1eSMaG4JMS2jy343wOyf3KCgGSZDPajHSGNmdxcEm5My5l7SogATe_jn8BoRrENyp_YmVSXQgA=@proton.me>
Feedback-ID:	78179167:user:proton
MIME-Version:	1.0
X-Spam-Status:	No, score=1.9 required=5.0 tests=BAYES_05, DKIM_INVALID,
	DKIM_SIGNED, HTML_MESSAGE, KAM_DMARC_STATUS, KAM_INFOUSMEBIZ, KAM_LOTSOFHASH,
	RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS, SPF_PASS, TXREP,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Level:	*
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-Content-Filtered-By:	Mailman/MimeDel 2.1.29
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	happynumnums via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	happynumnums <happynumnums AT proton DOT me>
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019