This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Should cygwin's setup*.exe be signed using Sign Tool?
- From: "David A. Wheeler" <dwheeler at dwheeler dot com>
- To: "bryan.berns" <bryan dot berns at gmail dot com>
- Cc: "cygwin" <cygwin at cygwin dot com>
- Date: Thu, 02 Apr 2015 23:27:42 -0400 (EDT)
- Subject: Re: Should cygwin's setup*.exe be signed using Sign Tool?
- Authentication-results: sourceware.org; auth=none
- Reply-to: dwheeler at dwheeler dot com
On Thu, 2 Apr 2015 21:23:16 -0400, Bryan Berns <bryan.berns@gmail.com> wrote:
> Since the setup executable is responsible for running a whole bunch of
> community contributed post-install executables as part of the
> installation process, I'm not sure whether it'd be advisable to stamp
> a particular individual's name or company's name on the executive
> installer (e.g. Red Hat, for example).
I would expect the publisher to be "The Cygwin Project".
That's what the website says, after all!
In my mind, the point of the signature would be to assure that you have the correct
(untainted) installer, and that the other software installed was the one from Cygwin.
As far as community install issue goes, the same this is true for Fedora, Debian, etc.,
and that seems to be reasonably understood.
--- David A. Wheeler
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple