hacked package on server

Louis Kruger lpkruger@cs.wisc.edu
Mon Jul 16 17:55:00 GMT 2007


> I do think that instead of simply aborting the install with a message that 
> the server was compromised (was it?  or is something else going on?), that 
> a more useful option would be to allow the user to select a different 
> mirror and continue the process.
>
>   

Sure.  I just wanted to make the point that it is important to take 
extra steps to protect end-user from malicious tampering.

If you want to investigate this, the file is here.  The file size is 
correct, the MD5 is not.

http://mirrors.dotsrc.org/cygwin/release/vim/vim-7.1-1.tar.bz2

Louis

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list