Date: Thu, 27 Sep 2012 12:49:31 -0400
From: Christopher Faylor <cgf-use-the-mailinglist-please@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS
Message-ID: <20120927164931.GA5564@ednor.casa.cgf.cx>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <5062EDA4.9070509@yahoo.com> <033d01cd9bf0$f6cf9cf0$e46ed6d0$@motionview3d.com> <5063E0B2.3030106@yahoo.com> <03a101cd9cc3$eee1e5b0$cca5b110$@motionview3d.com> <506470F4.8030602@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <506470F4.8030602@gmail.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com

On Thu, Sep 27, 2012 at 05:29:56PM +0200, Noel Grandin wrote:
>On 2012-09-27 17:22, James Johnston wrote:
>>This is just as pointless as serving over plaintext HTTP and creates a
>>false illusion of security.
>
>And in the words of Linus Torvalds: "The perfect is the enemy of the
>good".  (Not actually originally by him, but he probably carries more
>weight around here)

There is another aphorism that trumps all of this: "Someone has to do
it".  I seem to not be making it clear that it is very unlikely that a
cygwin site maintainer (me) and a setup.exe developer (to a small degree
me + others) are all avidly reading these musings and looking for things
to do.

Cygwin, like most free software projects, has always been short on doers
and long on "experts with not enough time".  So, pontificate all you want
about the best ways to do things but please understand that it's likely
that nothing you say will have any effect on the project unless you are
interested in helping out yourself.

cgf

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple