Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Mon, 13 May 2002 17:28:53 -0400
From: Christopher Faylor <cgf-cygwig AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: cygwin CD question
Message-ID: <20020513212853.GA12850@redhat.com>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <200205131851 DOT g4DIpPk25536 AT pilot16 DOT cl DOT msu DOT edu> <Pine DOT SGI DOT 4 DOT 40 DOT 0205131354040 DOT 80110-100000 AT tal DOT lbl DOT gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.SGI.4.40.0205131354040.80110-100000@tal.lbl.gov>
User-Agent: Mutt/1.3.23.1i

On Mon, May 13, 2002 at 02:11:08PM -0700, William V. Nicholson wrote:
>The point is that if you are really paranoid about these things then
>someone might slip in a trojan or backdoor while you are downloading
>Cygwin.  Obviously, if you subsequently set up an integrity tool then
>your system together with the backdoor would check out as okay
>(possibly until it got infected with a second backdoor or whatever).

So, the alternative is to trust that someone else has better security
than you do and trust their CD offering?

That doesn't sound paranoid enough to me.

All of the packages come with md5 checksums.  You should be able to
confirm that there are no problems with what you've downloaded by
comparing the checksums.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/