This is the mail archive of the
mailing list for the Cygwin project.
How do I verify the integrity of the setup.exe binary?
- From: Kasper Dupont <kasperd at zcbsf dot 22 dot aug dot 2011 dot kasperd dot net>
- To: cygwin at cygwin dot com
- Date: Mon, 22 Aug 2011 19:37:43 +0200
- Subject: How do I verify the integrity of the setup.exe binary?
I wanted to install Cygwin on one machine, but I got stuck
trying to figure out how to verify the integrity of the
downloaded setup.exe binary.
The documentation points at a signature file and public key
file hosted on the same webserver as setup.exe. Thus those
could be tampered with just as easily as setup.exe itself.
If I knew how to get the public key from a secure source, I
know how to use gpg to validate the signature. I would have
expected the public key to be available over https as well,
but I wasn't able to find it anywhere.
I looked through the FAQ, but this question did not appear
to have been addressed there.
Kasper Dupont -- Rigtige mænd skriver deres egne backupprogrammer
#define _(_)"d.%.4s%."_"2s" /* This is my email address */
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple