include SHA1/MD5 hash/digest of setup.exe, and HTTPS

Christopher Faylor cgf-use-the-mailinglist-please@cygwin.com
Thu Sep 27 17:29:00 GMT 2012


On Thu, Sep 27, 2012 at 05:29:56PM +0200, Noel Grandin wrote:
>On 2012-09-27 17:22, James Johnston wrote:
>>This is just as pointless as serving over plaintext HTTP and creates a
>>false illusion of security.
>
>And in the words of Linus Torvalds: "The perfect is the enemy of the
>good".  (Not actually originally by him, but he probably carries more
>weight around here)

There is another aphorism that trumps all of this: "Someone has to do
it".  I seem to not be making it clear that it is very unlikely that a
cygwin site maintainer (me) and a setup.exe developer (to a small degree
me + others) are all avidly reading these musings and looking for things
to do.

Cygwin, like most free software projects, has always been short on doers
and long on "experts with not enough time".  So, pontificate all you want
about the best ways to do things but please understand that it's likely
that nothing you say will have any effect on the project unless you are
interested in helping out yourself.

cgf

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list