X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; q=dns; s=default; b=bZ9pg
	cs5OIN41n1jPJwhP5VaMiDorqA3vpmj0eRSmOBDuaPfcHAk2vyH8rNMWGNqhmq9Z
	mW4TeUTVf9QODqv8s+OIzRO+JM8vWWGr+tujlxBPgHhgoTlLrSoCn/RRInS7RRtf
	kaAAfpXJCdTiHZ9x2uaOnmaT9k88ofsw4E1zU4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; s=default; bh=sZt5dJNZ3KD
	I8IqsBns8rk2EJ1o=; b=g+YKEsWEHQOGo3AzJN3A1D/G50Cbne7UDf/2c3Hulss
	uG6q6fGfaul93k0aoOhz1eR12TsM/FwbEN2pG6oMwgzKUVbeYI5XueFOjLr4WzUa
	cOX6oE4wezPaAAeK9AA3/SCOa4XuJAV91L2MPR72644mlpNG5TP+Ak7+lVWC8mwQ
	=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.0 required=5.0 tests=AWL,BAYES_00,EXECUTABLE_URI,KAM_EXEURI,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=urgent, URGENT, cygwin AT cygwin DOT com, pdt
X-HELO: mail-in-13.arcor-online.net
X-DKIM: Sendmail DKIM Filter v2.8.2 mail-in-05.arcor-online.net 3slNfL75Lbzmfq
From: Achim Gratz <Stromeko AT nexgo DOT de>
To: cygwin AT cygwin DOT com
Subject: Re: URGENT: BAD signature from "Cygwin <cygwin AT cygwin DOT com>"
References: <B0BF22335C47694D8CF77683CF7C809C8451E464 AT TWHQ-MAIL1 DOT trellisware DOT com>	<125363965 DOT 20160929001342 AT yandex DOT ru>	<B0BF22335C47694D8CF77683CF7C809C8451E60E AT TWHQ-MAIL1 DOT trellisware DOT com>
Date: Thu, 29 Sep 2016 20:39:50 +0200
In-Reply-To: <B0BF22335C47694D8CF77683CF7C809C8451E60E@TWHQ-MAIL1.trellisware.com>	(Thomas Sanders's message of "Wed, 28 Sep 2016 22:58:50 +0000")
Message-ID: <877f9uh7nt.fsf@Rainer.invalid>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain

Thomas Sanders writes:
> Thanks for the reply, here is the actual script. I must have copy/pasted the wrong info previously.
> ###
>   wget -q http://cygwin.com/setup-x86.exe        -O ${DESTINATION}/setup-x86.exe
>   wget -q http://cygwin.com/setup-x86.exe.sig    -O ${DESTINATION}/setup-x86.exe.sig
>   wget -q http://cygwin.com/setup-x86_64.exe     -O ${DESTINATION}/setup-x86_64.exe
>   wget -q http://cygwin.com/setup-x86_64.exe.sig -O ${DESTINATION}/setup-x86_64.exe.sig
>   wget -q http://cygwin.com/key/pubring.asc      -O ${DESTINATION}/pubring.asc

For checking the signatures to be of any real use, you'd need to use
https at least.  Also, you'd need to establish the provenance of the key
independently.

> testing /tftpboot/PXE/mirrors/cygwin//setup-x86.exe
> gpg: Signature made Fri 09 Sep 2016 02:20:02 AM PDT using DSA key ID 676041BA
> gpg: BAD signature from "Cygwin <cygwin AT cygwin DOT com>"

BLODA, most likely.  Particularly some stupid heuristic scanner that
thinks that UPX compressed binaries are dangerous just because they use
compression.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple