This is the mail archive of the
cygwin
mailing list for the Cygwin project.
How do I verify the integrity of the setup.exe binary?
- From: Kasper Dupont <kasperd at zcbsf dot 22 dot aug dot 2011 dot kasperd dot net>
- To: cygwin at cygwin dot com
- Date: Mon, 22 Aug 2011 19:37:43 +0200
- Subject: How do I verify the integrity of the setup.exe binary?
I wanted to install Cygwin on one machine, but I got stuck
trying to figure out how to verify the integrity of the
downloaded setup.exe binary.
The documentation points at a signature file and public key
file hosted on the same webserver as setup.exe. Thus those
could be tampered with just as easily as setup.exe itself.
If I knew how to get the public key from a secure source, I
know how to use gpg to validate the signature. I would have
expected the public key to be available over https as well,
but I wasn't able to find it anywhere.
I looked through the FAQ, but this question did not appear
to have been addressed there.
--
Kasper Dupont -- Rigtige mænd skriver deres egne backupprogrammer
#define _(_)"d.%.4s%."_"2s" /* This is my email address */
char*_="@2kaspner"_()"%03"_("4s%.")"t\n";printf(_+11,_+6,_,11,_+2,_+7,_+6);
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple