Greetings, Lee! >> Which is way worse in my opinion, than any theoretical MITM attack, which >> is easily mitigated with proper validation of your downloads.
> Serious question - exactly how does one do "proper validation of your > downloads"? Use PGP signature to validate the installer. Use separate channel to obtain trust records for PGP key used in signing. And not blindly trust "supposedly-secure" connections. -- With best regards, Andrey Repin Tuesday, March 12, 2019 23:31:45 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple