X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.0 required=5.0 	tests=AWL,BAYES_00
X-Spam-Check-By: sourceware.org
Received-SPF: pass (mail3.jubileegroup.co.uk: domain of ged AT jubileegroup DOT co DOT uk designates 127.0.0.1 as permitted sender) receiver=mail3.jubileegroup.co.uk; client-ip=127.0.0.1; helo=mail3.jubileegroup.co.uk; envelope-from=ged AT jubileegroup DOT co DOT uk; x-software=spfmilter 0.98-gwh with libspf2-1.2.9;
Date: Wed, 17 Mar 2010 19:15:23 +0000 (GMT)
From: "G.W. Haywood" <ged AT jubileegroup DOT co DOT uk>
To: "Cygwin mailing list." <cygwin AT cygwin DOT com>
Subject: Re: incomplete/corrupted setup.exe
In-Reply-To: <1268850529.17026.ezmlm@cygwin.com>
Message-ID: <Pine.LNX.4.58.1003171900400.20182@mail3.jubileegroup.co.uk>
References: <1268850529 DOT 17026 DOT ezmlm AT cygwin DOT com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Originating-Country: localhost
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Hi there,

On Wed, 17 Mar 2010 cgf wrote:

> On Wed, Mar 17, 2010 at 10:45:47AM +0000, G.W. Haywood wrote:
> >On Tue, 16 Mar 2010 Csaba Raduly wrote:
> >>>Perhaps the MD5 and/or SHA1 checksums for the current setup.exe should
> >>>be published (and updated every time there's a new release) next to the
> >>>download link (like Apache does, for example)
> >
> >That would be a very acceptable alternative to my original suggestion
> >of renaming setup.exe each time it's (re)released, even if it's a bit
> >more work for you.  :( Thanks.
>
> To be clear ... until the mailing list is flooded with people who
> can't download setup.exe because we don't have https access, I am
> satisfied with not doing anything.

In the interests of further clarity, all I've really been asking for
is a way for people to know exactly what they're downloading when they
click the download link.  The fact that some caching proxies might be
fooled into doing something less unhelpful than normal would just be
an incidental bonus.  I agree that the idea of using https would seem
to be overkill, and in any case it doesn't address other issues which
are covered if you publish the md5sums of each release.  When there's
a way to verify the file contents, files can if necessary be sent by
email to people who have trouble downloading.

--

73,
Ged.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple