This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: incomplete/corrupted setup.exe
On 2010/03/14 12:02 PM, Christopher Faylor wrote:
> We are not going to be installing an https server in the hopes that it
> will defeat misguided setup.exe blocking for the same reason that we
> won't be adopting a new versioning scheme - neither is a guarantee.
>
> I don't mind trying to figure out clever ways to defeat Windows
> limitations but I draw the line at spending nontrivial amounts of my
> time trying to deal with brain-dead limitations of users' networks.
>
> The way to install Cygwin on your computer is to click on the "Install
> Cygwin Now!" link at http://cygwin.com/ . If you can't get that to work
> then you need to work with your local IT to figure out why.
IT departments are becoming increasingly security conscious. That's
probably why the OP had trouble downloading setup.exe. It wasn't because
his IT was "brain-dead", but because there are legitimate security
concerns about downloading an unsigned exe over a non-SSL-authenticated
channel.
I suggest people inform themselves about the current state of art in
"man-in-the-middle" hijacking attacks, because the means by which
cygwin.com currently distributes setup.exe is vulnerable to a MITM
surreptitiously delivering a trojan setup.exe in place of the actual.
For this reason, I caution Cygwin users against downloading setup.exe
over unsafe networks (e.g. public wireless hotspots, hotel networks, etc.).
-SM
--
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple