On 12/10/2017 12:49 PM, Ken Brown wrote:
TODO: Implement a way of validating purported mirrors. For example,
we could make sure they are signed with the cygwin signing key. Or if
the user has used the -X option to turn off signature checking, we
could make sure that setup.ini contains
This is a followup to
https://cygwin.com/ml/cygwin-apps/2011-04/msg00014.html,
in which Jon suggested splitting site selection into two pages, one
for cygwin.com mirrors (including private mirrors) and one for URLs of
other package repositories. The latter would be visible only if the
user