X-Spam-Check-By: sourceware.org
Message-ID: <469BB121.3060801@cs.wisc.edu>
Date: Mon, 16 Jul 2007 12:55:45 -0500
From: Louis Kruger <lpkruger AT cs DOT wisc DOT edu>
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: William Sutton <william AT trilug DOT org>
CC: cygwin AT cygwin DOT com
Subject: Re: hacked package on server
References: <469B9A27 DOT 3090406 AT cs DOT wisc DOT edu> <Pine DOT LNX DOT 4 DOT 58 DOT 0707161245430 DOT 3644 AT dargo DOT trilug DOT org>
In-Reply-To: <Pine.LNX.4.58.0707161245430.3644@dargo.trilug.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com


> I do think that instead of simply aborting the install with a message that 
> the server was compromised (was it?  or is something else going on?), that 
> a more useful option would be to allow the user to select a different 
> mirror and continue the process.
>
>   

Sure.  I just wanted to make the point that it is important to take 
extra steps to protect end-user from malicious tampering.

If you want to investigate this, the file is here.  The file size is 
correct, the MD5 is not.

http://mirrors.dotsrc.org/cygwin/release/vim/vim-7.1-1.tar.bz2

Louis

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/