X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-4.7 required=5.0 tests=AWL,BAYES_20,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE X-Spam-Check-By: sourceware.org Message-ID: <506470F4.8030602@gmail.com> Date: Thu, 27 Sep 2012 17:29:56 +0200 From: Noel Grandin User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120907 Thunderbird/15.0.1 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS References: <5062EDA4 DOT 9070509 AT yahoo DOT com> <033d01cd9bf0$f6cf9cf0$e46ed6d0$@motionview3d.com> <5063E0B2 DOT 3030106 AT yahoo DOT com> <03a101cd9cc3$eee1e5b0$cca5b110$@motionview3d.com> In-Reply-To: <03a101cd9cc3$eee1e5b0$cca5b110$@motionview3d.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On 2012-09-27 17:22, James Johnston wrote: > This is just as pointless as serving over plaintext HTTP and creates a > false illusion of security. And in the words of Linus Torvalds: "The perfect is the enemy of the good". (Not actually originally by him, but he probably carries more weight around here) More security, imperfect though it may be, is always better. If nothing else, it raises the bar and ensures that you attract a better class of criminal :-) If we insisted on running perfect stuff, none of us would be using Windows in the first place. Regards, Noel Grandin -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple