From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from re-prd-fep-042.btinternet.com (mailomta4-re.btinternet.com [213.120.69.97]) by sourceware.org (Postfix) with ESMTPS id A5FA5385E824 for ; Fri, 13 Mar 2020 16:34:23 +0000 (GMT) Received: from re-prd-rgout-003.btmx-prd.synchronoss.net ([10.2.54.6]) by re-prd-fep-042.btinternet.com with ESMTP id <20200313163422.QJNI28880.re-prd-fep-042.btinternet.com@re-prd-rgout-003.btmx-prd.synchronoss.net> for ; Fri, 13 Mar 2020 16:34:22 +0000 Authentication-Results: btinternet.com; auth=pass (PLAIN) smtp.auth=jonturney@btinternet.com X-Originating-IP: [86.141.128.2] X-OWM-Source-IP: 86.141.128.2 (GB) X-OWM-Env-Sender: jonturney@btinternet.com X-VadeSecure-score: verdict=clean score=0/300, class=clean X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedugedruddvjedgkeekucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuueftkffvkffujffvgffngfevqffopdfqfgfvnecuuegrihhlohhuthemuceftddtnecunecujfgurhepuffhvfhfkffffgggjggtgfesthejredttdefjeenucfhrhhomheplfhonhcuvfhurhhnvgihuceojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukheqnecuffhomhgrihhnpegthihgfihinhdrtghomhdpghhnuhhpghdrohhrghenucfkphepkeeirddugedurdduvdekrddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghloheplgduledvrdduieekrddurddutdeingdpihhnvghtpeekiedrudeguddruddvkedrvddpmhgrihhlfhhrohhmpeeojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukhequceuqfffjgepkeeukffvoffkoffgpdhrtghpthhtohepoegthihgfihinhdqrghnnhhouhhntggvsegthihgfihinhdrtghomheq X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean Received: from [192.168.1.106] (86.141.128.2) by re-prd-rgout-003.btmx-prd.synchronoss.net (5.8.340) (authenticated as jonturney@btinternet.com) id 5E3A16DE05B46041 for cygwin-announce@cygwin.com; Fri, 13 Mar 2020 16:34:22 +0000 Subject: Re: Cygwin setup signing public key update From: Jon Turney To: cygwin-announce@cygwin.com References: <6312.65287972695$1584116184@news.gmane.org> Message-ID: <73cab308-f9a9-7a9b-bc92-d5d9180c7153@dronecode.org.uk> Date: Fri, 13 Mar 2020 16:34:22 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <6312.65287972695$1584116184@news.gmane.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=FORGED_SPF_HELO, RCVD_IN_DNSWL_LOW, SPF_HELO_PASS, SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-Mailman-Approved-At: Fri, 13 Mar 2020 16:35:02 +0000 X-BeenThere: cygwin-announce@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin-announce mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Mar 2020 16:34:25 -0000 On 13/03/2020 16:13, Jon Turney wrote: > This is an announcement of an update to the key used to sign (i) > Cygwin setup executables, and (ii) the (compressed) setup.ini package > manifest. If you just run setup, and update it when it tells you to update it, no action is required, and this message chain will be of limited interest to you. This update is following the policy announced at [1]: > On 05/08/2008 14:30, Dave Korn wrote: >> If we, from time to time, need to change this key, we will release >> a new version of setup.exe and make announcements on the cygwin >> and cygwin-announce mailing lists, and on the cygwin.com website. Also see that post for further discussion of the technicals details of setup signing. The transition period, during which signatures are made using both keys will probably be approx. 90 days, circumstances permitting. Note that due to technical limitations in old versions of setup, the form of signature we use on setup.ini is one that gpg can make, but cannot verify for both keys. This is only an issue if you manually verify setup.ini with gpg, rather than letting setup do it. (See [2]) [1] https://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html [2] https://dev.gnupg.org/T1462