To: cygwin AT cygwin DOT com
From: Patrick Strasser <patrick DOT strasser AT tugraz DOT at>
Subject: setup.exe.sig not verifiable?
Date: Thu, 13 Jan 2011 12:04:36 +0100

Hello list!

I saw on the install page[1] that you can check the validity of the
setup.exe with the provided signature file and PGP keyring. Great!

Unfortunately I cannot find a trust path to the signature. It seems that
only Dave Korn signed with his key 0x6A388C3E, but his key is unsigned.
So how should I know that not all three, setup.exe, setup.exe.sig and
the keyring, are tampered with? Or am I missing something?

Regards

Patrick

[1] http://cygwin.com/install.html
-- 
Engineers motto: cheap, good, fast: choose any two
Patrick Strasser <patrick dot strasser at student dot tugraz dot at>
Student of Telemati_cs_, Techn. University Graz, Austria

