| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=wRI82EQTDSQPML8mnqJJfWoxtyr2JY1Dm54dlvuNPQE0498iuCdbS | |
| pGGbtEKi9zhA6FeDcTA+W9E5jm/QnVfC0h4yb8ZA/cCOVoF01IJdigSvppX0dGY0 | |
| p5diyJWW9aXw8CtcIyRBbi6YGBwCuBs04+DdW+t5zh+yKCTlH7j/BA= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=yI430ZL34cpvFuzYS64KRXSM+rY=; b=I3ghiuLJd0oHltQX+/MybI9L9Dwf | |
| r7mQkdA/dFu/5bphBDTVYJnGpTtfJ5XcDtf6kNyV127gqYA0FKQWySfYTG8yHrqj | |
| ezup2vn/DbgXs68y9VPOqR8tnUpvd+sFQU+oqW18hzBfaYaI8mfQsAPqRtrbnYct | |
| sdROHFEKD9BbSlI= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Tue, 31 Mar 2015 21:29:51 +0200 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks |
| Message-ID: | <20150331192951.GA23523@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <E1Yd0aB-0002gt-Gs AT rmm6prod02 DOT runbox DOT com> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <E1Yd0aB-0002gt-Gs@rmm6prod02.runbox.com> |
| User-Agent: | Mutt/1.5.23 (2014-03-12) |
--9amGYk9869ThD9tj Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mar 31 14:08, David A. Wheeler wrote: > Signed-off-by: David A. Wheeler Ugh! *Short* patches are ok for the cygwin mailing list. Short being a handful of lines, not entire novels. Novels go to cygwin-patches, please :) Other than that, patch looks almost ok. I only scanned it for now since it's late in the day for me. One nit: > +<para> > +Up through 2015 Cygwin used the MD5 algorithm for cryptographic hashes. > +Cygwin used both MD5 and length checks, which makes some attacks harder > +than if Cygwin used only MD5, > +but MD5 is no longer considered a secure cryptographic hash algorithm. > +The 2015-02-06 update of the setup program > +added support for the SHA-512 cryptographic hash algorithm for > +sigining the <literal>setup.ini</literal> package list, as described in > +<ulink url=3D"https://cygwin.com/ml/cygwin/2015-02/msg00093.html"/>. > +The announcement also noted that there will be a switch to SHA-512 > +checksums in the <literal>setup.ini</literal> files. The switch has been performed 2015-03-23. I'll read it more thoroughly tomorrow. Thanks, Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --9amGYk9869ThD9tj Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJVGvWvAAoJEPU2Bp2uRE+g8mEP/RzBDybvDslNfIbWrRwFjEYH XqsXz+GER/WNcSMVpUc3omsQN/6ad5F2FaxxAMMr82ux5zuPkpeWNYY8yM9MZvFB 7QuxKhtJSh+M4OlYDxEedmHkLpaxP+NhlSB2xER9/qu3xDPgEVmNllbFh7RJDkaj WIFljz2tEXM5NOPE73AGAEX8wkY/nseDWGOokustnFXqN3qu2nj8v1v203yxFTfw aDEGVXoPx7UBWmBTNHjnQnAp4c2O3dnU06YTUj/itWQ1F1XGJBN0n1ZJRb0IByT1 YbjY9o3risSdFUUsvsit/+0ceLmg8op79fo+mgu5a6bLinEtanKQHa1pLY8mqklB GjnIEmLd2GVoLJuinjZbF+V/h61Gz0N18w9vfJZbXhqu/EDFSw60JNejeLgveqbI Irv9qWwi+cZEfIWF+CYWgyV5xnoN8/UidB+1n1SrHDGl0ErYTr5iUwIs0++/f70m E4Q1OQKFmI0s5s5nNgKL+S7R/iX3Dwd7vLcXGlXLehssVX+HcipAwT3nc2+lXAEY xPWgyaiiPdeaWeiFJ0K4cjSvhFRz+pAgmT1hK6y+aEPkc4nyrPQj802jtWQZmxkG UNtSh1QZDw+MhHBJFCpOCFx++PRra0fJUvJ5RqTg69BZgmwFw+3S5jO8T+sp2j8p B6VE9+6kNrp5cK9LNXtC =XqXj -----END PGP SIGNATURE----- --9amGYk9869ThD9tj--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |