Hello, Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage next to "setup.exe" download url-link. so we know for sure, if we have a correct file or not, and someone in middle (MITM) has not changed it.
Windows users prefer to verify files rather with sha1/md5 etc, than using asc, as asc verification is more complicated. And also, please distribute the setup.exe, via using a HTTPS based URL/site. So we/users can get it securely (and over encrypted connections) from your site, cygwin.com No need for a paid/purchased SSL/TLS certificate. A self-signed or CAcert or other free cert (various cert providers have free cert for non-profit or open-source developers), is more than enough & suffice. Much much better than using no encryption at all. Does the "setup.exe" connect to Internet/mirror sites using https or SSL/TLS encrypted connections ? if not please, change "setup.exe" codes further, so that at least initial connections while obtaining hash/digest/asc code of other source files are obtained via using SSL/TLS (if that source site supports). You should have or host the hash/digest/asc files of all source files under cygwin.com site. A larger sized source file or binary file can be downloaded via non-https way, ONLY if the hash/digest/asc codes were already obtained through SSL/TLS/HTTPS connection in early. Thanks, Thanks, Thanks. -- Bry8 Star. (Bry8Star). -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
