Message-ID: <4B9F6069.4010306@gmail.com>
Date: Tue, 16 Mar 2010 10:41:45 +0000
From: Dave Korn
To: cygwin AT cygwin DOT com
Subject: Re: incomplete/corrupted setup.exe

On 16/03/2010 09:53, Csaba Raduly wrote:
> On Tue, Mar 16, 2010 at 3:25 AM, Steven Monai wrote:
> [snip]
>> IT departments are becoming increasingly security conscious. That's
>> probably why the OP had trouble downloading setup.exe. It wasn't because
>> his IT was "brain-dead", but because there are legitimate security
>> concerns about downloading an unsigned exe over a non-SSL-authenticated
>> channel.
>
> Unfortunately, many IT departments follow the "We must do something.
> This is something. Therefore we must do this." action plan :/
> Installing a webfilter falls into this category, IMO.

  Certainly, if the IT department's goal is to enforce secure signed downloads,
I fail to see how they can do this by pattern matching against file names.

>> I suggest people inform themselves about the current state of art in
>> "man-in-the-middle" hijacking attacks, because the means by which
>> cygwin.com currently distributes setup.exe is vulnerable to a MITM
>> surreptitiously delivering a trojan setup.exe in place of the actual.
>> For this reason, I caution Cygwin users against downloading setup.exe
>> over unsafe networks (e.g. public wireless hotspots, hotel networks, etc.).
>
> Or the Internet, in general :)
>
> Perhaps the MD5 and/or SHA1 checksums for the current setup.exe should
> be published (and updated every time there's a new release) next to
> the download link (like Apache does, for example)

  Any theoretical MITM who can redirect your download of setup.exe to a
malicious version can just as easily also redirect your download of index.html
likewise to an edited version with fake checksums.

  It would be very nice to be able to serve it up over https, but it's not
just a matter of "Buy a cert for a couple of hundred bucks, edit httpd.conf and
away you go".  Sourceware.org is a busy and vital public server, so there are
plenty of issues to be considered, like doing some proper benchmarking and
making sure adding SSL doesn't significantly impact the availability and load
levels on the server, possibly having to add more capacity, and then there's
all the accountability-and-control issues about who is responsible for the
certificate and how and where it is maintained.....

  It is however a very highly-desirable goal.  I'll try and find some round
tuits to see if we can't get some traction.

    cheers,
      DaveK

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
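
Added example, not part of the original message: a small offline simulation of the point made above, that a checksum fetched over the same unauthenticated channel as setup.exe still matches after an on-path party rewrites both responses, while a digest obtained over a separate trusted channel does not. The byte strings, the index.html layout, the function names and the out-of-band PINNED value are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for the real installer and a replaced copy.
GENUINE = b"MZ...genuine setup.exe bytes (constructed sample)"
TROJAN = b"MZ...replaced setup.exe bytes (constructed sample)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def origin(path: str) -> bytes:
    """The honest server: the installer plus a page publishing its checksum."""
    files = {
        "/setup.exe": GENUINE,
        "/index.html": ("setup.exe SHA256: " + sha256_hex(GENUINE)).encode(),
    }
    return files[path]


def mitm(path: str) -> bytes:
    """Plain HTTP as seen through an on-path party: every response can be rewritten."""
    if path == "/setup.exe":
        return TROJAN
    if path == "/index.html":
        return ("setup.exe SHA256: " + sha256_hex(TROJAN)).encode()
    return origin(path)


def check_same_channel(fetch) -> bool:
    """Compare the download with the checksum fetched over the same channel."""
    published = fetch("/index.html").decode().rsplit(" ", 1)[1]
    return hmac.compare_digest(sha256_hex(fetch("/setup.exe")), published)


def check_pinned(fetch, pinned_hex: str) -> bool:
    """Compare the download with a digest obtained over a separate trusted channel."""
    return hmac.compare_digest(sha256_hex(fetch("/setup.exe")), pinned_hex)


# Assumption: this value reached the user out of band (e.g. a signed announcement).
PINNED = sha256_hex(GENUINE)

if __name__ == "__main__":
    for name, fetch in (("origin", origin), ("mitm", mitm)):
        print(name, check_same_channel(fetch), check_pinned(fetch, PINNED))
```

The same-channel check returns True on both paths, so it cannot tell them apart; only the check against the independently obtained value rejects the rewritten download.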