How do I verify the integrity of the setup.exe binary?

Kasper Dupont
Mon Aug 22 17:38:00 GMT 2011

I wanted to install Cygwin on one machine, but I got stuck
trying to figure out how to verify the integrity of the
downloaded setup.exe binary.

The documentation points at a signature file and public key
file hosted on the same webserver as setup.exe. Thus those
could be tampered with just as easily as setup.exe itself.

If I knew how to get the public key from a secure source, I
know how to use gpg to validate the signature. I would have
expected the public key to be available over https as well,
but I wasn't able to find it anywhere.

I looked through the FAQ, but this question did not appear
to have been addressed there.

Kasper Dupont -- Rigtige mænd skriver deres egne backupprogrammer
#define _(_)"d.%.4s%."_"2s" /* This is my email address */

Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list