Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Fri, 7 Jul 2000 22:06:11 -0400
Message-Id: <200007080206.WAA14350@envy.delorie.com>
From: DJ Delorie <dj AT delorie DOT com>
To: avr_fan AT mailandnews DOT com
CC: cygwin AT sourceware DOT cygnus DOT com
In-reply-to: <00ae01bfe881$a227b640$c0bf1004@homepc.freedsl.com>
	(avr_fan AT mailandnews DOT com)
Subject: Re: missing tsort in textutils.tar.gz
References:  <00ae01bfe881$a227b640$c0bf1004 AT homepc DOT freedsl DOT com>


> What about the mirror sites are they also trusted and certified to
> be virus scanned etc?

First off, sourceware includes MD5 files that you can use to verify
that packages have been transferred from sourceware to the mirror to
you.

Second, most mirror sites are running Unix, not Windows, and are much
less likely to be infected anyway.

Third, virii that *can* infect those Unix sites would not be the types
of viruses that could infect Cygwin executables inside .tar.gz files.

Fourth, mirror site maintainers are much more likely to be actively
securing their machines against attacks.

> What about some of the sites like http://cygutils.netpedia.net/ etc?
> are they trusted/certified too?

Sites, like people, *earn* trust.  We can't just give it to them, nor
can we certify them.  We only administer the cygwin archives on
sourceware; that's all we can attest to.  If you want to know what
other sites use for procedures, you must ask them directly.

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com