[PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks
David A. Wheeler
dwheeler@dwheeler.com
Wed Apr 1 15:10:00 GMT 2015
On Wed, 1 Apr 2015 10:30:14 +0200, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> > +<qandaentry id="faq.setup.mitm">
> > +<question><para>How does Cygwin counter man-in-the-middle (MITM) attacks during installation and upgrade?</para></question>
> > +<answer>
>
> The title is too specific, IMHO. What about something along the lines
> of "How Cygwin secures the installation process"?
Okay, switched that to:
<qandaentry id="faq.setup.install-security">
<question><para>How does Cygwin secure the installation and update process?</para></question>
The next question is worded as (which I think contrasts clearly):
<qandaentry id="faq.setup.increase-install-security">
<question><para>What else can I do to ensure that my installation and updates are secure?</para></question>
> > +<para>
> > +A man-in-the-middle (MITM) attack occurs when an attacker secretly relays...
> I would drop this para. Just refer to
> https://en.wikipedia.org/wiki/Man-in-the-middle_attack
> at some convenient point in the following para.
Just jumping into a list seems too abrupt, especially since there's text after the list.
I'll greatly shorten the intro paragraph, and link to Wikipedia.
> We already switched to sha512, so you can skip the entire MD5
> consideration. Just describe the sha512 checking.
Excellent, will do.
> All in all the text looks good to me. You're not interested to improve
> other parts of the documentation as well, by any chance? :)
We'll see :-).
--- David A. Wheeler
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list