Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <000501c1fd52$a512c1a0$c23fa8c0@transarc.ibm.com>
From: "Michael Young" <mwy-ltua AT the-youngs DOT org>
To: <cygwin AT cygwin DOT com>
Subject: PGP signatures for packages?
Date: Thu, 16 May 2002 23:26:30 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200

Are signatures available for the setup program, or for the packages it
downloads?
RPM uses GPG signatures, but I can't find anything comparable for the Cygwin
binaries.  Even just a list of hashes would be worthwhile (ideally vended from
a secure Cygwin/Redhat web page) to verify that a mirror (or download) hasn't
been corrupted.  Real PGP signatures would be better.  I can live without tool
support -- I can do the verifications manually, but only if I can find the
signatures :-).

I saw a note back in December
(http://sources.redhat.com/ml/cygwin/2001-12/msg00950.html)
that touched on this, but I couldn't find any followup.  Did this wither on the
vine?



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/