Identical Cygwin websites - differing downloads
happynumnums
happynumnums@proton.me
Thu Jun 15 13:20:18 GMT 2023
When looking for the latest Cygwin installer, I came across two different domains.
One insecure:
http://cygwin.org/
and one secure:
https://cygwin.net/
When checking the downloaded latest 3.4.6 installer with sha512sum.exe, I get differing checksums from the executables from both websites:
an unexpected checksum (from first site)
787c46173f5f91d350d31053f09d2bc18e1a80907a9f571f905fa7579cd2fa7b2502337da57aa70a5c8c4209a365f3604cee3c8ffe6c451b397986ddf17eea14
and the expected checksum from the 2nd site (as printed on both pages):
4779bead277ba7e682212ed3b1c9c2a56f9b15586dc2db3949556958b683b6f8a11c1c8957e1027d798281fcc98ccf12c418a609911c7e553787c88f8af86152
The first file size shows 1350kB, the 2nd 1356kb.
Can somebody clarify, if cygwin.org is a phishing site or otherwise explain the differences?
Sent with [Proton Mail](https://proton.me/) secure email.
More information about the Cygwin
mailing list