Hello list! I saw on the install page[1] that you can check the validity of the setup.exe with the provided signature file and PGP keyring. Great!
Unfortunately I cannot find a trust path to the signature. It seems that only Dave Korn signed with his key 0x6A388C3E, but his key is unsigned. So how should I know that not all three, setup.exe, setup.exe.sig and the keyring are tampered? Or am I missing something? Regards Patrick [1] http://cygwin.com/install.html -- Engineers motto: cheap, good, fast: choose any two Patrick Strasser <patrick dot strasser at student dot tugraz dot at> Student of Telemati_cs_, Techn. University Graz, Austria -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
