Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Fri, 16 May 2003 13:40:05 -0400 (EDT)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: "Peter L. Smilde" <smilde AT terrasys DOT de>
cc: cygwin AT cygwin DOT com
Subject: Re: Signatures for binary packages
In-Reply-To: <3EC4D2D8.3000708@terrasys.de>
Message-ID: <Pine.GSO.4.44.0305161335351.8930-100000@slinky.cs.nyu.edu>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 16 May 2003, Peter L. Smilde wrote:

> Hi,
>
> According to the gnupg anouncement of November, the source-code package
> of gnupg contains signature files for several of its parts. Are there
> also signature files available for the binary packages?
>
> Alternatively checksums can be used. But the checksums contained in the
> packages are only good for checking the data transfer; for security
> checking the checksums should be published independently.
>
> Regards,
> Peter

Peter,

Every package published on the Cygwin mirrors has an md5.sum file along
with it that contains the needed checksums.  The comment that they should
be published independently is valid (i.e., md5.sum files aren't accessible
on ftp://cygwin.com).  The two possible solutions are (a)  allowing people
to download md5.sum files from the ftp, and (b) publishing one huge
md5.sum file for all packages updated whenever there's an upload.
Alternatively, one could always check a few random mirrors... :-D
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Knowledge is an unending adventure at the edge of uncertainty.
  -- Leto II


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/