I wanted to install Cygwin on one machine, but I got stuck
trying to figure out how to verify the integrity of the
downloaded setup.exe binary.
The documentation points at a signature file and public key
file hosted on the same webserver as setup.exe. Thus those
could be tampered with just as easily as setup.exe itself.
If I knew how to get the public key from a secure source, I
know how to use gpg to validate the signature. I would have
expected the public key to be available over https as well,
but I wasn't able to find it anywhere.
I looked through the FAQ, but this question did not appear
to have been addressed there.
--
Kasper Dupont -- Rigtige mænd skriver deres egne backupprogrammer
#define _(_)"d.%.4s%."_"2s" /* This is my email address */
char*_="@2kaspner"_()"%03"_("4s%.")"t\n";printf(_+11,_+6,_,11,_+2,_+7,_+6);
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
