This is the mail archive of the cygwin mailing list for the Cygwin project.



RE: Setup version


Eric Blake wrote on 05 August 2008 02:29:

> According to Mike Cappella on 8/4/2008 2:33 PM:
>> With the recent CVE security announcement regarding setup.exe:
>> 
>>    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3323
>> 
>> I'm wondering if perhaps it makes sense to include the version number of
>> setup.exe on the main Cygwin web page?  It currently seems to require
>> downloading setup.exe and running it to determine the version number.
> 
> On the other hand, the above vulnerability can only occur if you click
> beyond the screen displaying the version number, so there isn't really any
> harm in running setup.exe to determine whether it is new enough to avoid
> that particular bug.

  Also, we're going to add a link to the setup.exe gpg .sig file on the main
page; then the simple rule will be "If it has a gpg signature, it's the new
version".


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

