This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

include SHA1/MD5 hash/digest of setup.exe, and HTTPS

Please include SHA1/MD5 hash/digest code of "setup.exe" file, on webpage
next to "setup.exe" download url-link.
so we can know for sure, if we have a correct file or not, and someone
in middle (MITM) has not changed it.

Windows users prefer to verify files rather with sha1/md5 etc, than
using asc, as asc verification is more complicated.

And also, please distribute the setup.exe, via using a HTTPS based
URL/site. So we/users can get it securely (and over encrypted
connections) from your site,

No need for a paid/purchased SSL/TLS certificate. A self-signed or
CAcert or other free cert (various cert providers have free cert for
non-profit or open-source developers), is more than enough & suffice.
Much much better than using no encryption at all.

Does the "setup.exe" connect to Internet/mirror sites using https or
SSL/TLS encrypted connections ?
if not please, change "setup.exe" codes further, so that at least
initial connections while obtaining hash/digest/asc code of other source
files are obtained via using SSL/TLS (if that source site supports). You
should have or host the hash/digest/asc files of all source files under site. A larger sized source file or binary file can be
downloaded via non-https way, ONLY if the hash/digest/asc codes were
already obtained through SSL/TLS/HTTPS connection in early.

Thanks, Thanks, Thanks.
-- Bry8 Star. (Bry8Star).

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]