This is the mail archive of the cygwin-talk mailing list for the cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: MD5s of setup.exe on mirrors.


[ bock-bock because it's getting a bit tired on the main list and the actual
issue is long since dealt with. ]

On 14 May 2007 19:22, Christopher Faylor wrote:

> On Mon, May 14, 2007 at 02:06:27PM -0400, Larry Hall (Cygwin) wrote:
>> Alexander Sotirov wrote:
>>> Christopher Faylor wrote:
>>>> It was actually all academic before since: 1) there was nothing wrong
>>>> with the setup.exe on the mirrors and 2) people shouldn't have been
>>>> running setup.exe from the mirrors to begin with.
>>> 
>>> Can you elaborate on why people shouldn't run setup.exe from the mirrors?
>>> I 
>>> don't see what is the difference between setup.exe and the other
>>> packages. If 
>>> you trust the mirror for all other binaries, why don't you trust it for
>>> setup.exe? 
>> 
>> Propagation time delays would be one reason.  Since it's easy to grab
>> 'setup.exe' from the source, there's no sense using one that might be
>> dated.
> 
> That + if you want to talk about trust then you should trust the method
> that we advertise for installing cygwin which is to click on the
> "Install Cygwin Now!" link.

  But that /still/ doesn't differentiate between "setup.exe" and any other
random .exe found in the installed packages, so it doesn't explain why there
is a discrepancy in the rules for trusting one particular .exe as compared to
any other.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]