Cygwin website uses http: (not https:) for .exe downloads, allowing man-in-the-middle attack

Darik Horn dajhorn@vanadac.com
Fri Feb 27 00:40:00 GMT 2015


Note that GPG signatures are published for the Cygwin setup binaries:

* http://cygwin.com/setup-x86.exe.sig
* http://cygwin.com/setup-x86_64.exe.sig

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list