This is the mail archive of the
mailing list for the Cygwin project.
Re: Signatures for binary packages
- From: Igor Pechtchanski <pechtcha at cs dot nyu dot edu>
- To: "Peter L. Smilde" <smilde at terrasys dot de>
- Cc: cygwin at cygwin dot com
- Date: Fri, 16 May 2003 13:40:05 -0400 (EDT)
- Subject: Re: Signatures for binary packages
- Reply-to: cygwin at cygwin dot com
On Fri, 16 May 2003, Peter L. Smilde wrote:
> According to the gnupg anouncement of November, the source-code package
> of gnupg contains signature files for several of its parts. Are there
> also signature files available for the binary packages?
> Alternatively checksums can be used. But the checksums contained in the
> packages are only good for checking the data transfer; for security
> checking the checksums should be published independently.
Every package published on the Cygwin mirrors has an md5.sum file along
with it that contains the needed checksums. The comment that they should
be published independently is valid (i.e., md5.sum files aren't accessible
on ftp://cygwin.com). The two possible solutions are (a) allowing people
to download md5.sum files from the ftp, and (b) publishing one huge
md5.sum file for all packages updated whenever there's an upload.
Alternatively, one could always check a few random mirrors... :-D
|\ _,,,---,,_ email@example.com
ZZZzz /,`.-'`' -. ;-;;,_ firstname.lastname@example.org
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
Knowledge is an unending adventure at the edge of uncertainty.
-- Leto II
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html