X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.9 required=5.0	tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_YE
X-Spam-Check-By: sourceware.org
X-Mail-Handler: Dyn Standard SMTP by Dyn
X-Report-Abuse-To: abuse AT dyndns DOT com (see http://www.dyndns.com/services/sendlabs/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX18Sntuoz2He+s4bekAHJNSQ
Date: Thu, 27 Sep 2012 12:49:31 -0400
From: Christopher Faylor <cgf-use-the-mailinglist-please AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: include SHA1/MD5 hash/digest of setup.exe, and HTTPS
Message-ID: <20120927164931.GA5564@ednor.casa.cgf.cx>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5062EDA4 DOT 9070509 AT yahoo DOT com> <033d01cd9bf0$f6cf9cf0$e46ed6d0$@motionview3d.com> <5063E0B2 DOT 3030106 AT yahoo DOT com> <03a101cd9cc3$eee1e5b0$cca5b110$@motionview3d.com> <506470F4 DOT 8030602 AT gmail DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <506470F4.8030602@gmail.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Thu, Sep 27, 2012 at 05:29:56PM +0200, Noel Grandin wrote:
>On 2012-09-27 17:22, James Johnston wrote:
>>This is just as pointless as serving over plaintext HTTP and creates a
>>false illusion of security.
>
>And in the words of Linus Torvalds: "The perfect is the enemy of the
>good".  (Not actually originally by him, but he probably carries more
>weight around here)

There is another aphorism that trumps all of this: "Someone has to do
it".  I seem to not be making it clear that it is very unlikely that a
cygwin site maintainer (me) and a setup.exe developer (to a small degree
me + others) are all avidly reading these musings and looking for things
to do.

Cygwin, like most free software projects, has always been short on doers
and long on "experts with not enough time".  So, pontificate all you want
about the best ways to do things but please understand that it's likely
that nothing you say will have any effect on the project unless you are
interested in helping out yourself.

cgf

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple