This is the mail archive of the
mailing list for the Cygwin project.
Re: SSL not required for setup.exe download
>> Which is way worse in my opinion, than any theoretical MITM attack, which
>> is easily mitigated with proper validation of your downloads.
> Serious question - exactly how does one do "proper validation of your
Use the PGP signature to validate the installer. Use a separate channel to obtain
trust records for the PGP key used in signing.
And do not blindly trust "supposedly-secure" connections.
With best regards,
Tuesday, March 12, 2019 23:31:45
Sorry for my terrible English...
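
The check described in the reply above, as an added example (not part of the original message and not Cygwin's own tooling): verify a detached signature with `gpg` and accept it only when the signing key matches a fingerprint obtained over a separate channel, since `gpg --verify` alone succeeds for any key present in the keyring. The fingerprint is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a detached PGP signature AND pin the signer.
# PINNED_FPR is a placeholder: replace it with the 40-hex-digit fingerprint
# you obtained over a separate channel, not from the download server.
PINNED_FPR="0000000000000000000000000000000000000000"

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# Read `gpg --status-fd` output on stdin. Succeed only if it reports a good
# signature (GOODSIG) and a VALIDSIG line whose fingerprint (signing key,
# field 3, or primary key, last field) equals the pinned fingerprint in $1.
status_matches_pin() {
    awk -v want="$(norm_fpr "$1")" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) pinned = 1
        }
        END { exit !(good && pinned) }'
}

# verify_installer FILE SIG [FPR]: run gpg, then apply the pin check.
# gpg's own exit code is ignored on purpose; the status lines decide.
verify_installer() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        status_matches_pin "${3:-$PINNED_FPR}"
}

# Usage: sh verify.sh <installer> <installer.sig>
if [ "$#" -ge 2 ]; then
    if verify_installer "$1" "$2"; then
        echo "OK: $1 is signed by the pinned key"
    else
        echo "FAIL: $1 is not signed by the pinned key" >&2
        exit 1
    fi
fi
```

The signing key must already be imported into the local keyring; the pin check is what ties it to the out-of-band trust record.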