Re: Should cygwin's setup*.exe be signed using Sign Tool?

2015-04-02 Thread David A. Wheeler
e the correct (untainted) installer, and that the other software installed was the one from Cygwin. As far as community install issue goes, the same thing is true for Fedora, Debian, etc., and that seems to be reasonably understood. --- David A. Wheeler -- Problem reports: http://cy

Re: Should cygwin's setup*.exe be signed using Sign Tool?

2015-04-02 Thread David A. Wheeler
David A. Wheeler inquired: > > Has Cygwin considered signing the installer using Sign Tool? More info: On Fri, 3 Apr 2015 01:22:15 +0300, Andrey Repin wrote: > Did Microsoft make it available separately? Or is there a description of the > structure of such a signature and/or a free t

Should cygwin's setup*.exe be signed using Sign Tool?

2015-04-02 Thread David A. Wheeler
't provide a patch to do this, obviously :-). --- David A. Wheeler -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple

Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-04-01 Thread David A. Wheeler
me. You're not interested to improve > other parts of the documentation as well, by any chance? :) We'll see :-). --- David A. Wheeler

Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-03-31 Thread David A. Wheeler
On Tue, 31 Mar 2015 21:29:51 +0200, Corinna Vinschen wrote: > On Mar 31 14:08, David A. Wheeler wrote: > > Signed-off-by: David A. Wheeler > > Ugh! *Short* patches are ok for the cygwin mailing list. Short being a > handful of lines, not entire novels. Novels go to cygw

[PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-03-31 Thread David A. Wheeler
Signed-off-by: David A. Wheeler --- winsup/doc/faq-setup.xml | 129 ++- 1 file changed, 128 insertions(+), 1 deletion(-) diff --git a/winsup/doc/faq-setup.xml b/winsup/doc/faq-setup.xml index 614d4a9..3764214 100644 --- a/winsup/doc/faq-setup.xml

How can I contribute a FAQ entry for MITM? Should there be a FAQ entry on how to add FAQ entries?

2015-03-30 Thread David A. Wheeler
I'd like to propose text to add to the Cygwin FAQ (https://cygwin.com/faq/ ) about how Cygwin counters MITM attacks. How can I propose such text? Also: shouldn't "how can I contribute to this FAQ?" be a FAQ entry? Thanks. --- David A. Wheeler

Re: How Cygwin counters man-in-the-middle (MITM) attacks

2015-03-09 Thread David A. Wheeler
download and update process is secure. --- David A. Wheeler

Re: [ANNOUNCEMENT] Updated: Cygwin 1.7.35-1

2015-03-09 Thread David A. Wheeler
t for any file and any > user account, it'd be a lot of time-consuming effort. I expect that improving the emulation for just the "current user" would be useful. That is an *extremely* common situation. --- David A. Wheeler

How Cygwin counters man-in-the-middle (MITM) attacks

2015-03-08 Thread David A. Wheeler
man-in-the-middle (MITM) attacks during installation and update?" Thanks. --- David A. Wheeler === DETAILS === Here is how I think Cygwin will counter man-in-the-middle (MITM) attacks during installation and update (once the switch to SHA-512 is complete): 1. The Cygwin server is correctl

Re: Cygwin website uses http: (not https:) for .exe downloads, allowing man-in-the-middle attack

2015-02-26 Thread David A. Wheeler
On Thu, 26 Feb 2015 23:37:37 +0100, Corinna Vinschen wrote: > On Feb 26 17:31, David A. Wheeler wrote: > > The Cygwin front web page ( https://www.cygwin.com/ ) says: > > "Install it by running setup-x86.exe (32-bit installation) or > > setup-x86_64.exe (64-bit inst

Cygwin website uses http: (not https:) for .exe downloads, allowing man-in-the-middle attack

2015-02-26 Thread David A. Wheeler
malicious code into a Windows .exe file. Please fix those links to use "https:", and not "http:". You might also want to enable "HTTP Strict Transport Security" (HSTS) on the Cygwin website. --- David A. Wheeler