Message-ID: <469BB121.3060801@cs.wisc.edu>
Date: Mon, 16 Jul 2007 12:55:45 -0500
From: Louis Kruger <lpkruger@cs.wisc.edu>
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: William Sutton <william@trilug.org>
CC: cygwin@cygwin.com
Subject: Re: hacked package on server
References: <469B9A27.3090406@cs.wisc.edu> <Pine.LNX.4.58.0707161245430.3644@dargo.trilug.org>
In-Reply-To: <Pine.LNX.4.58.0707161245430.3644@dargo.trilug.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <cygwin.cygwin.com>


> I do think that instead of simply aborting the install with a message that
> the server was compromised (was it?  or is something else going on?), that
> a more useful option would be to allow the user to select a different
> mirror and continue the process.

Sure.  I just wanted to make the point that it is important to take
extra steps to protect end users from malicious tampering.

If you want to investigate this, the file is here.  The file size is 
correct, the MD5 is not.

http://mirrors.dotsrc.org/cygwin/release/vim/vim-7.1-1.tar.bz2

Louis


