This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Signatures for binary packages

On Fri, 16 May 2003, Peter L. Smilde wrote:

> Hi,
> According to the gnupg anouncement of November, the source-code package
> of gnupg contains signature files for several of its parts. Are there
> also signature files available for the binary packages?
> Alternatively checksums can be used. But the checksums contained in the
> packages are only good for checking the data transfer; for security
> checking the checksums should be published independently.
> Regards,
> Peter


Every package published on the Cygwin mirrors has an md5.sum file along
with it that contains the needed checksums.  The comment that they should
be published independently is valid (i.e., md5.sum files aren't accessible
on  The two possible solutions are (a)  allowing people
to download md5.sum files from the ftp, and (b) publishing one huge
md5.sum file for all packages updated whenever there's an upload.
Alternatively, one could always check a few random mirrors... :-D
      |\      _,,,---,,_
ZZZzz /,`.-'`'    -.  ;-;;,_
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Knowledge is an unending adventure at the edge of uncertainty.
  -- Leto II

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]