X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
X-Authority-Analysis: v=1.0 c=1 a=PYnjg3YJAAAA:8 a=xe8BsctaAAAA:8  a=UG0KEi6CjApbTNwyFWYA:9 a=G6KHDLpFlvx2_g_cyZIA:7  a=z-Mohh7E5156tCX4JMzVZVZOp1QA:4 a=eDFNAWYWrCwA:10 a=rPt6xJ-oxjAA:10
Message-ID: <4897ACC9.8030701@byu.net>
Date: Mon, 04 Aug 2008 19:28:41 -0600
From: Eric Blake <ebb9 AT byu DOT net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080708 Thunderbird/2.0.0.16 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Setup version
References: <4897678C DOT 9010106 AT cappella DOT us>
In-Reply-To: <4897678C.9010106@cappella.us>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Mike Cappella on 8/4/2008 2:33 PM:
| With the recent CVE security announcement regarding setup.exe:
|
|    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3323
|
| I'm wondering if perhaps it make sense to include the version number of
| setup.exe on the main Cygwin web page?  It is currently seems to require
| downloading setup.exe and running it to determine the version number.

On the other hand, the above vulnerability can only occur if you click
beyond the screen displaying the version number, so there isn't really any
harm in running setup.exe to determine whether it is new enough to avoid
that particular bug.

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiXrMkACgkQ84KuGfSFAYDLtACgl3Uu1DOlwdtdRxrvmcngELT3
IBEAn1F2RLKNyZzVs5hZ+WCd9vuxOkDK
=JTzx
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/