setup.exe.sig not verifiable?
Patrick Strasser
patrick.strasser@tugraz.at
Thu Jan 13 21:42:00 GMT 2011
Hello list!
I saw on the install page[1] that you can check the validity of the
setup.exe with the provided signature file and PGP keyring. Great!
Unfortunately I cannot find a trust path to the signature. It seems that
only Dave Korn signed with his key 0x6A388C3E, but his key is unsigned.
So how should I know that not all three, setup.exe, setup.exe.sig and
the keyring are tampered? Or am I missing something?
Regards
Patrick
[1] http://cygwin.com/install.html
--
Engineers motto: cheap, good, fast: choose any two
Patrick Strasser <patrick dot strasser at student dot tugraz dot at>
Student of Telemati_cs_, Techn. University Graz, Austria
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list