SSL not required for setup.exe download
Andrey Repin
anrdaemon@yandex.ru
Tue Mar 12 20:35:00 GMT 2019
Greetings, Lee!
>> Which is way worse in my opinion, than any theoretical MITM attack, which
>> is easily mitigated with proper validation of your downloads.
> Serious question - exactly how does one do "proper validation of your
> downloads"?
Use PGP signature to validate the installer. Use separate channel to obtain
trust records for PGP key used in signing.
And not blindly trust "supposedly-secure" connections.
--
With best regards,
Andrey Repin
Tuesday, March 12, 2019 23:31:45
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list